XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. migration tool from UTM9 to XG on same model

    We need a tool to migrate UTM9 to XG on the same model

    17 votes
    1 comment  ·  Base System + General UI
  2. Support for IPOE

    Support for IPOE, since it's not only in use for consumer lines, but also for >100MB business lines, because of lower overhead than PPPoE.

    17 votes
    0 comments  ·  Base System + General UI
  3. rule grouping / rule inheritance / rule subclassing / rule nesting

    In general I want to define an incomplete parent thing and create multiple children based on it. To make it easy to understand, options defined in the parent should not be allowed to change in the child. And the display should reflect this relation.
    This could reduce the unneeded options that need to be managed. For example, I wouldn't need to create two mostly identical rules if I want some of my users to access an application from more networks or times, or create multiple mostly identical rules to apply different QoS policies based on source zones.

    9 votes
    0 comments  ·  Base System + General UI
  4. RED DHCP relay option

    Please add support for DHCP relay server on RED units.
    I need my clients to get IP addresses from the internal DHCP server, NOT from the RED unit, NOT from the central XG boxes. Right now I solve this by making the RED tunnels use an intermediate IP address and subnet, then going through a Layer 3 switch at every location, to get this working.
    I would like to skip all the L3 stuff at the sub locations, and simply have a unified network through the REDs and the XG boxes - but I need my clients to receive, and register, to my internal…

    11 votes
    2 comments  ·  Base System + General UI
  5. Configure delay to redirect to URL after Wireless login

    The time it takes after the user logs into the wireless hotspot to redirect them to a URL is too long. It would be great to have an option to enter how many seconds before it should redirect to another URL. Editing the HTML to change the seconds before redirecting is very daunting and it should be just an option.

    5 votes
    0 comments  ·  Wireless Protection
  6. Ending a wireless session

    There is currently no way to see a wireless session and disconnect that person or device from their wireless session. Good security feature for blocking a device or the device's MAC address of that device.

    17 votes
    2 comments  ·  Wireless Protection
  7. Add customizable log notifications so we can be emailed when an intrusion is detected

    Every other firewall I have used has had the ability to email alerts and log files based on customized thresholds. This feature is lacking from the XG. The only thing it allows you to do is set up notification settings for when an IPsec tunnel drops and comes up.

    29 votes
    1 comment  ·  Reporting
  8. Implement avahi to make life with Apple devices a lot easier

    When you have a network with Apple products you will soon realise that unless they are on the same subnet they will refuse to see each other; this is because Bonjour just refuses to work over subnets.

    avahi can solve this, but I don't really see the point in setting up a server running Linux to do such a small task, which should be added into Sophos itself.

    I saw a feature request just like this for UTM 9 and there was no response from an admin; seeing as XG is a new platform I am hoping this feature might actually…

    22 votes
    1 comment  ·  Network Protection
  9. Firewall rule with content/application matching for custom QoS/Gateway configurations

    Allow firewall rules to "match" by application, and thus permit custom routing/QoS. E.g. streaming out lower-cost WAN1, VoIP out faster/more expensive WAN2.

    This would be (layer 7) application based (not subnet/port based).

    12 votes
    3 comments  ·  Network Protection
  10. Hostname displayed in Dashboard

    A partner asked if there is a faster way of identifying which Sophos XG Firewall he is looking at just by looking at the Dashboard. The only answer I could give was compare the serial numbers. I think it makes sense if the hostname of the XG can be displayed in the Dashboard so that Partners or even administrators who are managing several of them can quickly tell them apart.

    72 votes
    8 comments  ·  Base System + General UI
  11. Management Interfaces with dedicated routing table

    It would be appreciated to have a different routing table for the management interfaces and the firewall.
    Management interfaces on management VLANs with different gateways and different routing priority.

    5 votes
    0 comments  ·  Base System + General UI
  12. Rename RED devices on XG

    Why on earth am I not able to rename my RED units to something sensible? Instead all units are called reds1, reds2, reds3 etc., in the name they are added!
    This is hopeless - and it quickly becomes hard to identify the units/networks!

    34 votes
    5 comments  ·  VPN and RED
  13. Guest WiFi: Log by MAC address

    In France, we need to have 1 year of logs on Guest WiFi.

    Actually, the logs are by IP address but we don't have logs which associate MAC address and IP address.

    Maybe you can add a new feature by the possibility to configure logs by MAC address and not by IP address.

    10 votes
    0 comments  ·  Reporting
  14. CaptivePortal Simultaneous Login Limit options

    A) It should be possible for users to see their Active Authenticated Session(s) in the “User Portal” and users should have the option to disconnect any or all of their sessions.

    B) Alternatively it would be beneficial to have the choice between preventing further logins when the Simultaneous Login limit is reached or logging off a previous session, e.g. the oldest session, and allowing a new session whilst still adhering to the Simultaneous Login limit.

    1 vote
    0 comments  ·  Base System + General UI
  15. Profiles for Sophos Network Agent app

    It should be possible to have multiple connection profiles for the “Sophos Network Agent” for iOS and Android applications to allow connection to different firewalls with different credentials. Connections should be established as soon as the device is connected to the network without having to open the app first.

    4 votes
    0 comments  ·  Base System + General UI
  16. Load balance: Session persistence

    One issue noticed with XG load balancing is that whenever gateway load balancing is done, some websites with authentication enforced are getting errors. At the time of authenticating this user on the website, we noticed the session going through WAN1 and later on a different connection post-authentication going through WAN2. So isn't there any logic of session persistence over WAN based on destination IP?
    The feature requested is to add logic for destination-IP-based persistence over the Round Robin algorithm presently used.

    24 votes
    0 comments  ·  Base System + General UI
  17. New 4G stick hardware support - ZTE MF823L

    Hi,

    We are trying to connect a ZTE MF823L modem to the Sophos XG 85 (MR2) in order to enable the WAN link over 4G.

    Sophos XG is not creating the serial port (/dev/TTYUsb) for this modem and without it the XG is not able to open the modem and dial the connection. Regarding the log below, the driver wasn't found.

    This modem is very common over Brazilian carriers.

    Please add support for this modem ASAP!


    • LOG: /log/mdev.log

    Fri Jun 3 10:10:00 BRT 2016 add event: add event from /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1.1
    Fri Jun 3 10:10:00 BRT 2016 add event: firing usb_ms…

    6 votes
    0 comments  ·  Base System + General UI
  18. Firmware update throttling

    While XG Firewall is great at handling traffic shaping for devices behind the firewall, it can (does) completely occupy the available download bandwidth when downloading firmware or AV updates, limiting production workloads running in parallel.
    Please add an option to throttle the max. download bandwidth or at least be able to set a priority for downloads of the firewall itself.

    12 votes
    1 comment  ·  Base System + General UI
  19. Guest User Management

    We have observed that we can manually create guest users in Sophos XG Firewall, under

    Objects > Identity > Guest Users
    or
    System > Authentication > Guest Users

    The Following Two Things Need To Be Taken Care Of.

    1) After creating the user, in the edit mode, the administrator is not able to edit the guest's cell phone number.

    2) Once we trigger print, for the Guest User Credentials, there should have been a provision to add the Company Logo on the Print Out.

    3) Also comments and Instructions that the Administrator would manually enter, which should be printed on…

    8 votes
    0 comments  ·  Wireless Protection
  20. Firewall Rules and UTQ

    UTQ is a nice step forward and it is useful to find "bad guys" inside the company. It would be great and useful to use UTQ on Firewall Rules as Heartbeat does. For example, when you create a rule LAN to WAN going to certain sites, UTQ should be less than 40% otherwise traffic is blocked.

    8 votes
    0 comments  ·  Base System + General UI