XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Using Sophos Home for Home licence

    The Security Hartbeat uses the commercial version of Sophos cloud services.
    For home licence users it would be nice to have the Sophos home cloud instead of to exchange the Sophos endpoint protection of UTM).

    77 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Common Objects used in all configurations

    Give us objects like in the UTM, Why do i have to set a static ip in the dhcp, add a dns record in the dns server and create a ip host object for firewall rules, when i could do it all with one object in the UTM.. This was for me a really really perfect feature and it makes it all a lot easier to administrate since you don't have to do the same over and over again for different parts of the configuration.

    94 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. SSTP VPN - Native Support

    Microsoft PPTP VPN is using a weak algorithm (MS-CHAP v2 which can be cracked) so you should upgrade to SSTP vpn protocol available from Windows Vista. You could allow users to download certificate from user portal and no more actions are required on client side. Think about whem you need to manage 100 users and you need to manage them, such as udating their client or when they move from once PC to another. In this way, is the client OS that manage the entire overhead and from XG side is another add-on from TMG's competitor.
    The same request has…

    47 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Sophos XG to support fq_codel QOS

    Can we please get fq_codel enabled for QOS by default, looks like the kernel will need upgrading too

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Multiple upstream web proxies

    Define multiple upstream HTTP proxies.

    Define URL-based policies to determine which proxy should be used, or whether traffic should go direct.

    Each proxy may require authentication.

    39 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. 13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Can we have live Bandwidth speeds for Interfaces?

    It would be great to be able to see live Bandwidth speed stats for each Interface like we had on UTM.

    509 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Editing multiple policies at once

    It will be nice to have the possibility to editing multiple Policies at the same time by having a check box on the left (as it is already available on Services Objects) and be able to perform general modification, such as:

    enable/disable logging
    
    edit MASQ
    edit users/groups member
    enable/disable heartbeat
    allow/deny/reject action
    change Application/IPS/Web filtering
    malware scanning option

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. CLI - More basic commands to manage XG

    Give us the chance to manage XG basic features from CLI, such as:

    creating/editing/deleting network objects
    creating/editing/deleting services
    creating/editing/deleting users/groups
    creating/editing/deleting ips/application control/web policies
    creating/editing/deleting and managing VPN

    and more.....

    146 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Dynamic DNS - Create own providers like possible with SMS Gateways

    Create own providers under Dynamic DNS like it's done under SMS Gateways like to update IPv6 Tunnel endpoints when the WAN IP changes or third party DynDNS Services.

    46 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  11. ip tunnel - local endpoint - Possibility to choose an interface instead of fixed IP

    If you have DHCP on the WAN interface and also an IP-Tunnel which terminates there, it would be great if you can configure the local endpoint dynamically. (Take the IPv4 value of interface Port1)

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. add AICCU support (ipv6 sixxs.net)

    Add AICCU support (Like on UTM) [https://www.sixxs.net/tools/aiccu/] for Sixxs.net ipv6 tunnel handling.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Drop Zones

    Drop the whole concept of Zones in the access policies. They are redundant when the polices already state the networks and the interfaces.

    That is to say, a Zone means nothing when you already have to define the source network an the interface it arrives on.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add OpenDNS DynDNS Provider

    Just migrated from UTM to XG. It's fantastic. One small thing, please bring back support for OpenDNS dynamic DNS. Please, please.

    69 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  15. Assigning static ip to SSL VPN users

    It would be very convenient to assign static ip to users logging in through SSL VPN client. Currently this feature is available only to L2TP and PPP users.

    263 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    71 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. Mobile network agent: Only attempt auth to known SSIDs

    Tried network agent to authenticate users and it is a very nice feature.

    Once installed, you connect with mobile to user portal, download certificate and import inside the APP.
    However I would suggest to add an option inside the APP that allow the APP to work only when the mobile is connected using a specific SSID Wi-Fi connection. At the moment, the only integrated option are:

    Save Password

    Auto Login

    This ensure that user do not need to open the APP when they are back to work and save battery.

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. XG as NTP Server

    NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
    Can you add it into future release?

    You can put it inside device access, denying WAN from using NTP server for security reason.

    695 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    44 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Force delete object

    At the moment, if you try to remove a object used somewhere (Policy Rule for example) a message appears saying that "the object is already in use." So give us where the object is in use and allow Admins to delete it.
    You can add an extra column with number of times the object has been used and give LINK where the object is used so we can go directly to the place and check if can delete it or not.

    164 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow Configuration of DHCP Options

    UTM 9 had great DHCP options that you could assing globally or to an individual pool. For people with VoIP deployments this is Huge.

    375 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. WAF: more authentication type

    At the moment there are different type of authentication missing even on UTM9 against ISA server 2006, such as:


    1. Two-factor authentication using forms-based authentication and a client certificate.

    2. Delegation of credentials by using NTLM or Kerberos authentication.

    3. Kerberos constrained delegation.

    4. Secure Sockets Layer (SSL) client certificate constraints

    In this way, XG and UTM9 are the very alternative to ISA Server.

    140 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.