XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. True Network DLP

    DLP works quite well on Email but it is time to implement it even on Web. I would like to be able to know what my users are uploading to Cloud, DropBox and Webmail and decide to stop and log or log only. Also VPN client should be able to talk with XG and scan what users download from the company to their pc and block unauthorized content.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Failover for dyndns.

    Have a failover feature for dynddns. if main wan port goes down it can failover to the backup wan.

    57 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  3. Additional BGP features

    Within UTM you supported additional BGP configuration options than what is present in XG. I would specifically see AS prepend and filter lists implemented in XG.

    Thanks,
    Bob

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. User Management - make paging configurable and easier to navigate

    On systems with a large number of users (we have over 1100) the user management page is difficult to navigate. Clicking through pages of 20 users one page at a time is time consuming. I would like the ability to modify the number of users listed on each page. Choice of 20, 50, 100, 250 per page, for example, would be great.

    Also, the ability to jump to a specific page would be a nice feature.

    Thanks,
    Bob

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. User Portal / SSL VPN Portal

    Unlike Cyberoam, SSL VPN and User Portal are now combined here in Sophos XG. There are issues on our clients regarding on this for security purposes. We, Netplay Inc. is requesting to at least and administrator of the GUI could be able to modify or edit what users can see to the current user portal we have.

    Example: After user log on their account. SSL VPN is the only visible.

    46 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow IP Host Groups to be added to IP Host Groups

    Allow IP Host Groups to be added to IP Host Groups.

    I am migrating a SonicWALL configuration to a Sophos Firewall and am running into the issue that the SonicWALL supports nested groups and the Sophos Firewall not. Since I am using the API to script the configuration conversion and push the configuration its quite a big slow down to have to do it manually afterwards.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Report Format

    Hi,

    We should add parameters in user wise report and domain wise report.
    Eg. we need one report which has following parameters,

    Top 10 Users; Top 10 websites/web domains accessed by each; data trasferred on each website and time spent on each website.

    This report then can be scheduled on daily basis.
    E.g.2 - Right now we have Executive User Report. Similar to this we should have Executive WebDomain Report with "top10" in each of them.

    Thanks,
    Jeevan
    HTPL

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. Wildcard search within Network Rules

    If I go to IP Host and filter by "Port", I see everything containing that keyword. However, if I go to edit a Network Rule in Policies and type in "Port" in the Networks search box, I get no results. In the Networks search box I seem to be unable to find anything unless I know the beginning name of the network I wish to search for. In this case, I have to enter "#Port." IMHO it would be better if the search term was treated as an "include" type match versus a "begins with" search.

    37 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. WAN without gateway

    Earlier on SG, we used to have options to check if gateway is available on any interface but on XG it is compulsory to keep gateway on WAN which is quite annoying while having L2 links connecting its numbers of offices where I need IPsec VPN.

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Services: search for defined services by port

    In the Services, i cant see if i have a Port/Service Defined.
    So either searchable port numbers (now its only the Name)
    or Display all Services on one page, so i can search

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Ability to schedule monthly reports

    Scheduling Monthly Reports is not possible. On UTM this was a basic feature. They can be used to review the trend month by month.
    Strange to request such a basic feature.

    85 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  12. WAF Virtual Patching and Brute Force Attack

    Other UTM/WAF vendors integrate virtual patching features on their product. A really brute force protection in missing on WAF too.
    Please add it.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Let's Encrypt Integration

    It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG Gui. So that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
    Best Regards

    712 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    65 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Use IP range or network object for allowable Radius accounting requests

    customer got a Meraki Wireless network and basically each WAP processes the request and then would need to forward the accounting request to the Sophos firewall. So without using IP range or cidr they need to enter 150 ips individually.

    If ip range or cidr option is available then It will let then to do radius accounting on wireless network without
    having to put in 150+ radius clients.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Hardware health: Thermal sensors and fan speed reporting

    Hi

    Some sort of hardware status feedback would be very nice. Most importatn would be CPU and mainboard temperature, however fan speed would also be nice.

    133 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Compare / Diff Policies

    It would be handy to be able to compare / diff policies. You can currently do this manually by opening two pages side-by-side, but that is cumbersome and error prone.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Decryption Port Mirroring

    The Decryption Port mirror feature provides the capability to create a copy of decrypted traffic from a firewall and send it to a traffic collection tool that is capable of receiving raw packet captures–such as NetWitness or Solera–for archiving and analysis. This feature is necessary for organizations that require comprehensive datacapture for forensic and historical purposes or data leak prevention (DLP) functionality.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Routing Table - Show

    Available in the GUI or CLI able to visualize the active routing table.

    This feature exists in other manufacturers, such as Fortinet for example

    45 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. SSH Access - User can access the SSH with its own credential

    Currently it is possible to access the SSH only with the ADMIN user.

    For companies that need to be compliance with the PCI this is not acceptable.

    It is very important each User can access the SSH with its own credential for audit purposes

    106 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow changing threshold for the Performance system monitor on the XG homepage.

    Allow changing threshold for the Performance system monitor on the XG homepage.

    My system always sits in Orange even when network use is really low.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.