XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. New 4G stick hardware support - ZTE MF823L

    Hi,

    We are trying to connect a modem ZTE MF823L on the Sophos XG 85 (MR2) in order to enable the WAN link over 4G.

    Sophos XG is not creating the serial port (/dev/TTYUsb) for this modem and without it the XG is not able to open the modem and dial the connection. Regarding the log below, the driver wasn't found.

    This modem is very common over Brazilian carriers.

    Please add support for this modem ASAP!


    • LOG: /log/mdev.log

    Fri Jun 3 10:10:00 BRT 2016 add event: add event from /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1.1
    Fri Jun 3 10:10:00 BRT 2016 add event: firing usb_ms…

    6 votes
    0 comments  ·  Base System + General UI
  2. Firmware update throttling

    While XG Firewall is great to handle traffic shaping for devices behind the firewall, it can (does) completely occupy the available download bandwidth when downloading firmware or AV updates, limiting production workloads to run in parallel.
    Please add an option to throttle the max. download bandwidth or at least be able to set a priority for downloads of the firewall itself.

    12 votes
    1 comment  ·  Base System + General UI
  3. Guest User Management

    We have observed that we can manually create guest users in Sophos XG Firewall, under

    Objects > Identity > Guest Users
    or
    System > Authentication > Guest Users

    The following two things need to be taken care of.

    1) After creating the user, in the edit mode, the administrator is not able to edit the guest's cell phone number.

    2) Once we trigger print, for the Guest User Credentials, there should have been a provision to add the Company Logo on the Print Out.

    3) Also comments and Instructions that the Administrator would manually enter, which should be printed on…

    8 votes
    0 comments  ·  Wireless Protection
  4. Firewall Rules and UTQ

    UTQ is a nice step forward and it is useful to find "bad guys" inside the company. It would be great and useful to use UTQ on Firewall Rules as Heartbeat does. For example, when you create a rule LAN to WAN going to certain sites, UTQ should be less than 40% otherwise traffic is blocked.

    8 votes
    0 comments  ·  Base System + General UI
  5. Quarantine Mails - User Portal

    Quarantine Mails function in user portal is close to useless as it is today.
    The only option is to delete!

    There needs to be an option to see the mail in clear text (safe).

    And an option to release the mail, if it was incorrectly quarantined.
    (Admin should be able to specify if a user can release the whole mail - including attachments, or just the email body, without attachments!)


    • Option to send daily/weekly/monthly reports of quarantined mails to the user's mailbox.

    These are to be expected from a product with AV mail scanning functions!!!

    30 votes
    0 comments  ·  Email Protection
  6. Include original message body of infected mails in clear text

    When Sophos XG Email Protection detects a virus in an attached file, it successfully identifies this, and removes the infected attachment.

    But the user now receives only an "empty" email with the original text removed, and replaced with information about sender, receiver, and virus found and removed. (XG setting is remove and deliver)

    It would be desirable to have the option to also include original email body text, in clear text format.

    6 votes
    0 comments  ·  Email Protection
  7. RED - device info and bandwidth monitoring

    Sophos RED:

    I have just begun implementing Sophos RED devices to branch offices. And the implementation has been very straightforward and easy to deploy.

    What I really need is some way to get information about the device connectivity.
    - How much bandwidth is the location using? (Daily, weekly etc.).
    - How is my 3G failover connectivity connection? (No/bad/good/excellent connection)
    - Email notification in the event of failing over to backup 3G / WAN.

    Right now I am simply blind on what status is on the RED...

    AND also - please add a RED category...

    25 votes
    0 comments  ·  VPN and RED
  8. Add OpenConnect AnyConnect Pulse SSL VPN server

    This is an idea to add the actively developed and open source OpenConnect server package to the XG Firewall. https://gitlab.com/ocserv/ocserv

    The OpenConnect server is compatible with CISCO's AnyConnect and Juniper PULSE (Secure) SSL clients. Thanks.

    4 votes
    0 comments  ·  Network Protection
  9. Inspection of QUIC traffic

    It appears that currently QUIC traffic (UDP port 80/443) is not categorized by the web filter. Users seem to be able to access YouTube and other Google sites without any of their traffic being inspected.

    31 votes
    5 comments  ·  Web Protection
  10. Sync DNS with DHCP Leases

    The DNS shall resolve the hosts which were provided an address by DHCP.

    132 votes
    27 comments  ·  Base System + General UI
  11. No NAT-T when configuring Site-to-Site IPSec VPN

    By default NAT-T is disabled for Site-to-Site IPSec VPN Connections. Unfortunately it is not possible to activate NAT-T when configuring a Site-to-Site IPSec tunnel, since this option is greyed out.

    In my case it is essential to use NAT-T, because the Remote Endpoint is located behind a NAT device.

    28 votes
    1 comment  ·  Base System + General UI
  12. Reporting by MAC Address.

    Ability to generate reports based off MAC Address.

    39 votes
    9 comments  ·  Reporting
  13. Share IP between User Portal and WAF

    Many small installations could benefit from the ability to publish User Portal using Business Rule instead of enabling it directly in Device Access section. The difference is that a single IP can be used to host both User Portal and custom Web applications such as Web mail, Web storage, Web cameras, etc.

    Now, the only solution is to change User Portal listening port to something non-standard but this limits the ability to use it from some network environments where only standard WWW ports (80,443) are allowed.

    137 votes
    4 comments  ·  Webserver Protection
  14. Customize time schedule for digest sent-out based on recipient domain

    As admin I should be able to customize time schedule for email digest sent-out based on recipient domain.

    10 votes
    0 comments  ·  Email Protection
  15. True Network DLP

    DLP works quite well on Email but it is time to implement it even on Web. I would like to be able to know what my users are uploading to Cloud, DropBox and Webmail and decide to stop and log or log only. Also VPN client should be able to talk with XG and scan what users download from the company to their PC and block unauthorized content.

    17 votes
    0 comments  ·  Web Protection
  16. Failover for dyndns.

    Have a failover feature for dyndns. If the main WAN port goes down, it can fail over to the backup WAN.

    66 votes
    14 comments  ·  Dynamic DNS Providers
  17. Additional BGP features

    Within UTM you supported more BGP configuration options than what is present in XG. I would specifically like to see AS prepend and filter lists implemented in XG.

    Thanks,
    Bob

    14 votes
    1 comment  ·  Base System + General UI
  18. User Management - make paging configurable and easier to navigate

    On systems with a large number of users (we have over 1100) the user management page is difficult to navigate. Clicking through pages of 20 users one page at a time is time consuming. I would like the ability to modify the number of users listed on each page. Choice of 20, 50, 100, 250 per page, for example, would be great.

    Also, the ability to jump to a specific page would be a nice feature.

    Thanks,
    Bob

    19 votes
    0 comments  ·  Base System + General UI
  19. User Portal / SSL VPN Portal

    Unlike Cyberoam, SSL VPN and User Portal are now combined here in Sophos XG. There are issues with our clients regarding this for security purposes. We, Netplay Inc., are requesting that at least an administrator of the GUI be able to modify or edit what users can see in the current user portal we have.

    Example: After a user logs on to their account, SSL VPN is the only thing visible.

    49 votes
    3 comments  ·  Base System + General UI
  20. Allow IP Host Groups to be added to IP Host Groups

    Allow IP Host Groups to be added to IP Host Groups.

    I am migrating a SonicWALL configuration to a Sophos Firewall and am running into the issue that the SonicWALL supports nested groups and the Sophos Firewall does not. Since I am using the API to script the configuration conversion and push the configuration, it's quite a big slowdown to have to do it manually afterwards.

    5 votes
    0 comments  ·  Base System + General UI