XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. GUI Search

    I often find myself hunting around the interface for various settings. It would be quite handy to have a search box where I can search for a particular setting, select it from a dropdown of results, and then be taken directly to the page.

    106 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Create a Migration Assistant (web)application for the Firewall-OS

    Cyberoam has a Migration Assistant which converts for example a SonicWALL UTM configuration to a configuration for the Cyberoam UTM appliances.

    The Sophos Firewall-OS already supports an API which uses, just like the IMPORT/EXPORT feature, an XML structure for setting configuration. Now I have to if possible create a script to find configuration components and convert the structure to match the XML structure for the Sophos Firewall-OS. Other vendors support configuration exports in XML format or other kind of readable format.

    Such a tool would make it easier to migrate a customer to the Sophos Firewall-OS, making the choice for…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Edit/Delete default IPS rules

    XG comes with IPS built-in rules and cannot be customized or deleted. At least allow us to customize them in order to add/remove Signature.
    I always like to keep the Appliance as clean and light possible and I would like to delete default IPS rules too.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow IP List to be added to IP Host Group

    You can add an IP range or IP subnet to an IP host group but not an IP list.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. UI should show pop-up info for network object everywhere

    Please correct the UI so that the Port designations include the subnet or IP address associated with them EVERYWHERE. Right now sometimes when you select a port from a list it will include that information and at other times it is missing. I have a hard time remembering which port number is which interface, it is reminiscent of the frustration of working with SonicWall devices and their annoying X0, X1,X2, etc. designations.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add an UNDO Button

    Would be helpful if you could reverse changes to say a firewall rule or security policy just by clicking on an Undo button.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add Visualization of Networks and VPN Connections

    Would be awesome if you could look at a chart of how your network is configured from within the XG. Might make diagnosing issues easier if you could see precisely where things are breaking with this kind of visual feedback.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Scheduled Installation of the AV Updates and Firmware Installation.

    Scheduled Installation of the AV Updates and Firmware Installation is required. The firmware updates and AV Updates should get automatically downloaded over the WAN interfaces, however installation of this updates should be done only when the Date and time is scheduled by the Network Administrator.

    In addition to the available scheduling options, the custom category should be added, where in the administrators can select a custom date and custom time, after selecting the custom date and custom time the system should prompt if these settings are just to be executed once, daily, weekly, every 15 days or monthly.

    745 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    92 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add Windows XP as a High Risk Application

    Can you add the ability to detect what operating system a computer is running (based on HTML headers perhaps) and warn if certain operating systems such as XP are seen?

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Detection Requests  ·  Flag idea as inappropriate…  ·  Admin →
  10. "One-Click" Compliance button for easy PCI compliance

    Would be great if you could add the ability to configure the UTM for PCI compliance with a simple check box or wizard. As it is now it becomes a real chore to comply with PCI DSS on both the XG and UTM 9. Adding this would be a first in the industry most likely.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support Multiple Forest not Trusted

    STAS rocks! Anyway if you have to manage multiple Forests (not trusted) the XG cannot accomplish the task. Other vendors support this feature. This feature gives to XG a step further for use it in big environment.
    When you will implement this feature, you should allow the Admins to decide if split the XG in multiple firewall (virtual firewall feature http://feature.astaro.com/forums/330219-sophos-xg-firewall/suggestions/11262702-virtual-firewall) or not.

    Thanks.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  12. Availability Groups

    In the UTM I had a "Public DNS Servers" availability group, which was listed in "DNS Forwarders". I found this to be the best way to maintain reliable DNS forwarders in the UTM. Currently there is no way to create availability groups in the XG, let alone use them for DNS forwarders. I miss this feature.

    59 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add navigation to first and last page for multipage displays

    In log files and in other areas of the UI where there are multiple pages presented, you can only go right or left one page at a time. A multipage selector with first and last controls would be ideal. But at a minimum be able to go to first page/last page directly. When paging through a log, it takes a long time to get back to the first page.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Web portal to view secure email

    The SPX Email Encryption is an awesome feature used by many of my customers. However, it's not always trust by recipients because everyone these days are taught not to open unusual emails. The likes of UK Government and Barclays send an email to you to say there is a secure document waiting in their portal. So you logon and see that document and have the choice to save it locally.

    What would be awesome is this same/very similar feature on the UTM/XG, so you still have the SPX encryption engine but the email/pdf is held on the device for X…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. RED: Webfilter Agent or Module on RED for local web breakout.

    Lots of customers love the idea of the Sophos RED, but they are less enthusiastic when they learn about the web filtering limitations.
    The remote site must have an Internet connection as this is what the RED uses to connect back to the central SG/XG, but if they use this for direct internet access, they have no web protection features. If they backhaul web traffic to the SG/XG they get web filtering, but waste a lot of bandwidth in the process.
    I am suggesting a RED, that allows local breakout, but has a local web filter proxy controlled transparently by…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add Lookup for Message ID on Security Policy Log

    Security Log Denies shows a 'Message ID' but there is nowhere to look up what the message is saying.... even an on-line table with the ID's and maybe a link from the ID in the log or even a link on the page to the table would be muchly appreciated. WE see that its getting denied? Why is it getting denied? For instance what is 01001 message ID?

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Use the userPrincipalName (email style) for AD users

    Hi please use userPrincipalName instead the fuuuu... sAMAccount with 20 letter limit.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Wi-Fi Support multiple Radius Server for failover

    XG can use only one Radius server to authenticate users when they are connecting to Wi-Fi networks. Please remove this limit. If the single radius goes down, clients cannot authenticate.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Access ID - Available for Partners

    Sophos support can connect to XG appliances using Access ID (once enabled by customer). This option should be available for partners too. This can simplify our troubleshooting without using third-party utility or have a long list of SSL VPN.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow Wildcard Support for Email Domain Filtering

    Would be very helpful to be able to create content scanning rule using wildcard to filter known spam/spoofed email top-level-domains.

    Example:
    Filter rules using .xyz, .dot, etc. instead of domain1.xyz, domain2.xyz, domain3.xyz, etc.
    *.dot

    63 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.