XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Multiple search domains with SSL VPN

    Some other products allow for multiple search domains/search suffixes. This would be a good feature to implement in the XG.

    15 votes
    4 comments  ·  VPN and RED
  2. IPSEC and SSLVPN site-to-site auto fallback to primary link

    The VPN tunnel (both SSL and IPSEC) does not revert to its primary WAN interface; you have to manually disable and re-enable the Failover group/SSLVPN Client status for the tunnel to be established via the Primary WAN interface.

    23 votes
    1 comment  ·  Network Protection
  3. ethernet ip below pppoe interface

    Allow setting an IP address on the ETH interface below the PPPoE interface for access to the modem/router configuration on that interface. This has been a huge oversight since UTM.
    Right now the only way to access the modem is to turn the interface into a standard Ethernet interface and configure the correct IP to access the modem, which is cumbersome, needs reconfiguration and breaks the connection (no way to monitor the modem with the PPPoE connection up).

    3 votes
    0 comments  ·  Base System + General UI
  4. User bookmarks in clientless portal

    It would be great to allow users to add their own bookmarks, or to allow group bookmarks AND user bookmarks on the admin interface for a given user.
    At the moment, you can only give access to a group bookmark.

    Since SMB bookmarks seem to need authentication (at least I was not able to make them work without automatic login), each user needs a different group of bookmarks!
    It's a mess and a considerable amount of work.

    13 votes
    1 comment  ·  Network Protection
  5. Integrate other Sophos tools (Sophos Home and Sophos Android Security) to be controlled through XG

    I would like to see the other Sophos security tools cooperate better with XG firewall. For instance:

    I would like to see Sophos Home integrated into the Security Heartbeat feature and allow endpoints with Sophos Home to report their status, like it appears on the website. Also, any configuration that can be done on the Sophos Home website should be available via the XG interface. It would also be nice if the Sophos Home software on an endpoint can detect that it is internal to the XG firewall and defer security settings to the XG, while becoming fully active when…

    36 votes
    3 comments  ·  Base System + General UI
  6. Ability for the Authentication Agents to provide warnings to users

    It would be nice if the firewall would push down warnings to users through the authentication agents of pending quotas or schedules or any system action that will cause the user to be logged out of the firewall. Right now, when a logout event is reached, the user is logged off the firewall with no warning. For users of online services, this does not give them a chance to save work before connection to the internet is lost.

    For instance:

    Provide a popup from the authentication agent when there is 5 minutes (configurable) left before automatic logout due to a…

    9 votes
    1 comment  ·  Authentication clients
  7. Implement support for dynamic/public IP/URL blacklist feeds

    Alienvault has OTX (Open Threat eXchange) and there's https://intel.criticalstack.com/.
    There's also a very big player, Palo Alto Networks that provides Minemeld (see links at bottom of this post).

    They all provide public feeds of known hostile IP addresses/ranges and URL's*.

    I would really like to be able to make use of such feeds so I can create specific rules on my firewall to block all incoming traffic from these sources and possibly outgoing URL requests to known C2 servers.

    If this blocked traffic (the outgoing attempts) is logged in a specific log, it would have the additional benefit of…

    52 votes
    15 comments  ·  Network Protection
  8. Allow ICMP request from WAN on Public Alias IP Address

    Hi,

    On the WAN port we have multiple alias public IP addresses. Now I want to allow ping only to a particular alias IP address from the outside world, for the purpose of checking whether the server is up or down.

    So please include this feature in XG Firewall.

    We have an urgent requirement for this because we are in the ISP business, so we want to allow ping requests from any source.

    Regards,
    Kamal Patel

    24 votes
    2 comments  ·  Network Protection
  9. Users to have ability to manage emails Whitelist and Blacklist via User Portal and quarantine report.

    Users to have ability to manage emails Whitelist and Blacklist via User Portal and quarantine report.

    295 votes
    36 comments  ·  Email Protection
  10. Heartbeat: Drop to next rule on heartbeat failure

    I would like to suggest that, with heartbeat enabled, when someone is Red or has no heartbeat, there is an option to either block internet access or to drop to the next policy in the list.

    5 votes
    0 comments  ·  Synchronized Security (Heartbeat)
  11. Email Protection: Implement SPF and Header functionality into Sophos XG

    Hi Sophos, for security and anti-spam enhancement, please include the SPF check and header modification functionality in your XG firewall.

    191 votes
    11 comments  ·  Email Protection
  12. Add packet tracer feature

    A feature like Cisco's ASA Packet Trace utility will be very nice. I like the XG firewalls but I really miss the Packet Tracer. Here's a little bit about it:

    https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

    I like it because you don't need to set up test hosts - the test packet is virtually injected from the appliance itself.

    10 votes
    1 comment  ·  Network Protection
  13. single sign on for Bookmark in Clientless Access VPN

    XG cannot forward the user identity from User Portal to Bookmark in clientless access VPN.
    At the moment, we have to configure a shared login credential (Automatic Login) for Bookmark.
    It would be better if XG retrieved user information from a User Portal session and forwarded it to a Bookmark.

    20 votes
    4 comments  ·  VPN and RED
  14. 'Blocked File Type' for POP3 / IMAP

    Like the SMTP option, allow removing a MIME type (especially Office documents containing macros, .DOCM, which is used by Locky).

    16 votes
    2 comments  ·  Email Protection
  15. migration tool from UTM9 to XG on same model

    We need a tool to migrate UTM9 to XG on the same model.

    17 votes
    1 comment  ·  Base System + General UI
  16. Support for IPOE

    Support for IPOE, since it's not only in use for consumer lines, but also for >100MB business lines, because of lower overhead than PPPoE.

    17 votes
    0 comments  ·  Base System + General UI
  17. rule grouping / rule inheritance / rule subclassing / rule nesting

    In general I want to define an incomplete parent thing and create multiple children based on it. To make it easy to understand, options defined in the parent should not be allowed to change in the child. And the display should reflect this relation.
    This could reduce the unneeded options I need to manage. For example, I wouldn't need to create two mostly identical rules if I want some of my users to access an application from more networks or times, or create multiple mostly identical rules to apply different QoS policies based on source zones.

    9 votes
    0 comments  ·  Base System + General UI
  18. RED DHCP relay option

    Please add support for DHCP relay server on RED units.
    I need my clients to get IP addresses from the internal DHCP server, NOT from the RED unit, NOT from central XG boxes. Right now I solve this by making the RED tunnels use an intermediate IP address and subnet, then going through a Layer 3 switch at every location, to get this working.
    I would like to skip all the L3 stuff at the sub locations, and simply have a unified network through the REDs and the XG boxes - but I need my clients to receive, and register, to my internal…

    11 votes
    2 comments  ·  Base System + General UI
  19. Configure delay to redirect to URL after Wireless login

    The time it takes after the user logs into the wireless hotspot to redirect them to a URL is too long. It would be great to have an option to enter how many seconds before it should redirect to another URL. Editing the HTML to change the seconds before redirecting is very daunting and it should be just an option.

    5 votes
    0 comments  ·  Wireless Protection
  20. Ending a wireless session

    There is currently no way to see a wireless session and disconnect that person or device from their wireless session. Good security feature for blocking a device or the device's MAC address of that device.

    17 votes
    2 comments  ·  Wireless Protection