XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. IKE v2 and dynamic routing

    IKEv2 and dynamic routing

    106 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      12 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    • Create and Manage Multiple ehlo

      As Enterprise product, XG should be able to manage multiple ehlo to protect multiple email domain behind it. On UTM9 we have profile mode but multiple ehlo was missing too. Add some sort of profile (including ehlo) for multiple domai for one/multiple public IP, such as WAF does with virtual domain.

      22 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        Planned  ·  1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • default source port when adding new services to "1:65535"

        Would be nice if the source port was already pre-populated like it was in UTM9

        197 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
        • Improve the WAN Gateway monitor

          Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
          This can help much to prevent false positive gateway status.
          The same feature could be added on VPN Failover system

          Best regards,

          Carlos Cesario

          132 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
          • Mail notification to multiple recipients

            Add support to notification component send email to multiple recipients.

            Currently it is supported only 1 recipient.

            Best regards,

            Carlos

            156 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              13 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
            • Add support SNMP service to multiple WAN interfaces

              Currently this makes impossible an efficient monitoring of appliances (Copernicus) with multiplpe WAN interfaces.

              The SNMP server only works through a unique WAN interface.

              Best regards,

              Carlos

              10 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
              • Add support SNMP Community answer to any (0.0.0.0) IP Address

                Currently it is needed create one Community to each specific IP address.
                It is impossible create two 'Public' communities by example to two different IP address or create a single Community String for any (0.0.0.0) Ip address.

                Best regards,

                Carlos

                26 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                • Allow interface port to be configured with just vlans

                  As it is right now you must assign an ip address to an interface and then add vlans. doesn't allow you to just assign vlans.

                  212 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    20 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                  • Rename objects

                    Add support to rename Policy rules name, IPSEC and SSL VPN tunnels name, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
                    This will Improve the management, it must be default to all objects. Currently to fix a simple typo error, we must to create a new policy or category and populate all items again. A simple task can turn into a hard task.

                    Best regards,

                    Carlos

                    214 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add option to change Appliance SSH port access

                      Add support to change SSH port access.

                      Best regards,

                      Carlos

                      114 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        7 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add support to choose both protocols (TCP/UDP) in Service object

                        Currently we have to create a separated rule to each protocoal TCP/UDP.

                        Best regards,

                        Carlos

                        195 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add support to choose multiple Hosted Address when create a Business Application Policy

                          Add support to choose multiple Hosted Address when create a Business Application Policy.
                          Imagine a customer with 3 WAN links and 50 Business Application Policies rules.It is needed create 150 Rules for this.

                          This is a real case today.

                          Best regards,

                          Carlos

                          34 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • SSL VPN policy with AD

                            Add support to create SSL VPN connection to users from the specific Windows AD Group without needed to this user need login (By Captive Portal or Sophos Client) and after that associate the VPN policy.

                            Today, If I have a specific group from Windows AD dedicated only to VPN users, I do not get associate VPN policy to these user if they do not login first by captive portal, Sophos client or SSO, after that I can associate it into a VPN policy. But if these users do not have HTTP access, I cannot set VPN policy.

                            Best regards,

                            Carlos

                            63 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                            • Add support SNMP via VPN without add static

                              Add support SNMP via VPN without add static routes. This could be as SSH via VPN, only choose a checkbox allowing or deny the service.
                              Today it is needed add static route pointing to tunnel name.

                              Best regards,

                              Carlos

                              8 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                              • Add FreeDNS.afraid.org DynDNS Provider

                                FreeDNS was on UTM 9, is there any reason why it has not been carried over to XG Firewall.... I for one would like to have FreeDNS enabled in XG firewall as I see no technical reason why it should not be there.

                                or at least have a custom setting for Dynamic DNS that enables a feature to set Dynamic DNS via a url that can be called by curl.

                                134 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  66 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
                                • 171 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    28 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →

                                    What we will do:
                                    Allow XG software installer to run on XG hardware appliances, after removing current partitions (same option as UTM9)

                                    What we are not planning:
                                    We will not allow software install to run trivially on a system currently installed with XG.
                                    We will not make any effort to support on-system wireless, on software installs.
                                    The system will not report itself in any way as an XG appliance, inside the OS.

                                  • Adjustable column width and ordering.

                                    As a firewall administrator, I want the ability to adjust column width and column ordering in any log display in order to have better visibility of data I am monitoring for.

                                    As it stands, the log display grid is not intuitive, and requires scrolling down to get to the horizontal scroll before you scroll back up to see data.

                                    (Can be applied anywhere there is a grid display too.)

                                    40 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                    • SPX password specified by recipient queue the email

                                      When using SPX encryption for email protection, if we set the password type to "Specified by recipient" the email will get sent by the Sender; but a return message will come back saying "a password is not yet created by the recipient. You will be informed once it has been created and then you can send email to the recipient". Instead of making this a manual task for each encrypted email, XG should queue/hold the encrypted email waiting for a password to be made, then automatically send it to the recipient. This is how the email appliance SPX process works…

                                      13 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow it to work on i686 hardware instead of requiring x86_64

                                        I have a very good SMB sized hardware that I use with dual core 2 gig ram ATOM processor. work well for sites with less than 100mb internet. now I cant use SFOS because it says its x86_64 only... Please allow a i686 build

                                        3 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                        • 53 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.