XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. WEB: restrict proxy access between internal subnets

    Currently the web proxy allows you to access anything the Sophos can access. This means that if you have multiple segments of trusted and untrusted traffic on the same XG, both the trusted and untrusted devices can access the content of each network using the proxy.

    Please make an option where hosts and subnets can be denied for specific filter rules.

    5 votes
    0 comments  ·  Web Protection
  2. WAF: IPv6 support

    Allow IPv6 (and IPv4) for WAF

    42 votes
    4 comments  ·  Webserver Protection
  3. Objects: Add default objects like in UTM9

    Add objects such as Any-IPv4, Internet IPv4, Internet IPv6 etc.

    11 votes
    0 comments  ·  Base System + General UI
  4. WAF: Allow Wildcard domain names

    Allow the use of wildcard domain names for Webservers. Also allow them to be sorted in priority so that a more specific FQDN takes precedence over a wildcard domain.

    29 votes
    0 comments  ·  Webserver Protection
  5. Provide a way to check vulnerabilities for coverage by current IPS signatures

    To assess one's current level of protection, being able to check coverage of known vulnerabilities (e.g. by CVE-ID) is desirable. Implementing a solution to look up IPS signatures for coverage of specific CVE-IDs would be helpful.

    14 votes
    1 comment  ·  Network Protection
  6. Make Web Proxy User Notifications fully customizable

    Being able to fully customize the user notifications (displayed to the user when browsing blocked or warned pages, for example (PROTECT --> Web --> User Notifications --> Message for Warn Action)) is desirable, e.g. for purposes of translating the pages. The possibility to use templates with variables would be greatly appreciated.

    37 votes
    7 comments  ·  Web Protection
  7. Wireless: Log device connection events with MAC to syslog

    We did logging configuration with syslog for the model Sophos SG85W, but MAC addresses of Wi-Fi connected devices cannot be seen in the logs.

    This feature is important for filtering specific devices. Could you please add MAC addresses of the devices in the logs?

    9 votes
    2 comments  ·  Wireless Protection
  8. Broadcom NIC driver support in XG

    From experience and from forum posts, Broadcom NIC driver support is lacking or not working.
    Many Dell and HP servers use NICs from Broadcom.

    9 votes
    2 comments  ·  Base System + General UI
  9. Orderly Shutdown of XG HA Cluster from GUI

    Orderly Shutdown of XG HA Cluster from GUI
    When the admin selects shutdown in the GUI, if the XG Firewall is part of an HA arrangement, either Active/Passive or Active/Active, it would be a good idea to automatically conduct an orderly shutdown / restart of the HA cluster in a seamless manner. This could avert the potential for any corruption related to sync failures etc.

    7 votes
    0 comments  ·  Network Protection
  10. Keep the upn added to the userid for multiple domain authentication

    In case of a multiple domain environment, it would be nice to route the users' authentication requests to the right authentication server based on their UPN (@domain.local).
    Unfortunately, the Sophos XG will remove the UPN, and will only send the userid to the authentication server.
    So for example, using radius proxy for sending the authentication requests to the right AD server will not work, as we cannot make a routing decision based on the UPN.
    This is for many customers a big issue.
    In Cyberoam OS 10.6.2, the UPN is untouched, but from releases higher than that or Sophos…

    122 votes
    5 comments  ·  Base System + General UI
  11. Option to change the host ip address into a name under reports

    Option to change the host ip address into a name under reports for easier identification

    18 votes
    2 comments  ·  Reporting
  12. SCEP to renew certificates

    When you need to manage multiple XG devices, you can use SFM to simplify your life.
    If you need to use a certificate (on IPsec VPN, WAF, etc...) it's possible to upload or create a CSR under System > Certificates.

    But you need to manually renew all certificates when they are close to expiring! If you manage 300 XG devices, you will need to manually renew all certificates, and access each device, to update and remember where you used a certificate that needs to be renewed.

    There is the SCEP (https://www.ietf.org/proceedings/69/slides/pkix-3.pdf), supported by a wide range of CA (Cisco,…

    9 votes
    0 comments  ·  Base System + General UI
  13. Have a preferred master option for HA pairs active/passive

    Submitting on behalf of client:
    Like the UTM 9 HA engine it allowed us to select a "preferred master" which in the event of a failover the node will attempt to switch back once it comes back up.

    Due to the way the XG licensing works in HA this would be an important feature as only ONE firewall has the "master" subscription license and the other is just a base (passive).

    19 votes
    0 comments  ·  Base System + General UI
  14. Socks proxy

    As in UTM 9.x there was an option to use the UTM as a SOCKS5 proxy using port 1080, that was very helpful when you try to connect LAN computers to remote servers over the internet without the need to open firewall rules or natting, i.e. bank applications to transfer data between PC and bank office using a secured channel instead of web browsing.
    We used to run Hummingbird socks proxy client.

    37 votes
    0 comments  ·  Network Protection
  15. Azure and AWS automatic host groups

    Hello.
    Azure (and I think AWS does the same) releases weekly an updated xml file containing all the subnets related to Azure services and region.

    It would be great if Sophos XG could maintain an updated "Host Group" with all the Azure (or AWS) subnets to use them in firewall rules, routing etc...

    Everyone is moving to the cloud, Sophos XG should consider it!

    6 votes
    0 comments  ·  Base System + General UI
  16. Proxy Pathing

    Provide the facility to publish sub-directories in path selection as well as static 'web server'. This is useful for many different reasons and has traditionally been known as proxy pathing. This allows a user to enter an FQDN and to have that transparently connect to a sub-directory of the web server. Also, it allows virtual directories of a single FQDN to transparently map to different sub-directories of the same server, or even a different web server entirely.

    8 votes
    0 comments  ·  Webserver Protection
  17. Sophos XG weekly backup email notification subject

    Hi Sophos,

    For the XG model, the subject name of the weekly backup email notification can't be changed.

    Because during the email backup we receive multiple devices with serial numbers, we hope the subject can be changed from serial number to company name.

    Thank you
    Ray
    I hope this will be improved in the future

    19 votes
    3 comments  ·  Reporting
  18. Monitor UPS health and orderly shutdown

    Most home/business firewalls are on a UPS (or should be, IMHO).

    It would be nice to have software that monitored UPS health and could do an orderly shutdown if power loss was imminent.

    12 votes
    1 comment  ·  Base System + General UI
  19. PPPoE and IPv6

    Please support IPv6 over PPPoE. That was working more or less in Version 9.X and older and it would be great if we could get an IPv6 connection over PPPoE again.

    52 votes
    4 comments  ·  Base System + General UI
  20. Allow regular expression matches on URLs in Web Policy

    The ability to be able to use regular expressions to match URLs in the Web Policy, not just in Web Exceptions.

    This was possible with SG UTM.

    45 votes
    6 comments  ·  Web Protection