XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Ability to archive Daily, Weekly, Monthly reports

    As on the UTM, the ability to archive/download Daily, Weekly, Monthly reports. What a "novel" idea.

    15 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    • Website/XG web gui font/colors very hard to read

      The light blue on White and gray on white text is very hard to read, and the weird blocky semi-serif font used on the XG (and the cloud site) doesn't help matters. There's entirely too much white space on all pages in the UI in general, leading to more eye strain. Can we get some kind of Dark theme, or at least Bolder/higher contrast fonts?

      The font/color scheme on the UTM is way more readable.

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
      • Monthly Reports - Scheduling Missing

        Scheduling Monthly Reports is not possible. On UTM this was a basic feature. They can be used to review the trend month by month.
        Strange to request such a basic feature.

        62 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          8 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
        • WAF Virtual Patching and Brute Force Attack

          Other UTM/WAF vendors integrate virtual patching features on their product. A really brute force protection in missing on WAF too.
          Please add it.

          30 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Allow overlap in subnets between source and destination in IPSec Config

            Our corporate WAN encompasses a large subnet globally. In UTM 9 and prior, it was possible to define an entire destination subnet in the IPSec configuration that overlapped with the source subnet. The system was able to understand where the subnets were and how to route appropriately. Unfortunately this is not possible in XG and as such, if I want to allow access to the entire subnet (in the case of this overlap), I must define ranges which is far far too cumbersome.

            A simple example would be a subnet defined as 10.0.0.0/8. We could have a remote LAN behind…

            2 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
            • Let's Encrypt Integration

              It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG Gui. So that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
              Best Regards

              430 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                33 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Adding feature to confugre an IP range or CIDR as an allowable Radius accounting requests

                customer got a Meraki Wireless network and basically each WAP processes the request and then would need to forward the accounting request to the Sophos firewall. So without using IP range or cidr they need to enter 150 ips individually.

                If ip range or cidr option is available then It will let then to do radius accounting on wireless network without
                having to put in 150+ radius clients.

                4 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Thermal seonsors ans fan speed

                  Hi

                  Some sort of hardware status feedback would be very nice. Most importatn would be CPU and mainboard temperature, however fan speed would also be nice.

                  102 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                  • Compare / Diff Policies

                    It would be handy to be able to compare / diff policies. You can currently do this manually by opening two pages side-by-side, but that is cumbersome and error prone.

                    4 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Decryption Port Mirroring

                      The Decryption Port mirror feature provides the capability to create a copy of decrypted traffic from a firewall and send it to a traffic collection tool that is capable of receiving raw packet captures–such as NetWitness or Solera–for archiving and analysis. This feature is necessary for organizations that require comprehensive datacapture for forensic and historical purposes or data leak prevention (DLP) functionality.

                      22 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Routing Table - Show

                        Available in the GUI or CLI able to visualize the active routing table.

                        This feature exists in other manufacturers, such as Fortinet for example

                        33 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          4 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                        • SSH Access - User can access the SSH with its own credential

                          Currently it is possible to access the SSH only with the ADMIN user.

                          For companies that need to be compliance with the PCI this is not acceptable.

                          It is very important each User can access the SSH with its own credential for audit purposes

                          55 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            9 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                          • Allow changing threshold for the Performance system monitor on the XG homepage.

                            Allow changing threshold for the Performance system monitor on the XG homepage.

                            My system always sits in Orange even when network use is really low.

                            3 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                            • GUI Search

                              I often find myself hunting around the interface for various settings. It would be quite handy to have a search box where I can search for a particular setting, select it from a dropdown of results, and then be taken directly to the page.

                              88 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                              • Predefined Objects for (IP Range + Standard Services, Ports)

                                I could improve my overall network security, by limiting Services/Ports to specific IP Ranges. A predefined set of IP Ranges altogether with standard ports, would be very helpful and ease up the whole XG configuration. For instance, My users have access to specific ports only for the IP Ranges of Apple, Microsoft, Google and Akamai. Given this, only Port 80 and 443 remains open from LAN to WAN for all other IP's. I think for 80% of all Small Businesses with some adjustments, this configuration should work out of the box.

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Create a Migration Assistant (web)application for the Firewall-OS

                                  Cyberoam has a Migration Assistant which converts for example a SonicWALL UTM configuration to a configuration for the Cyberoam UTM appliances.

                                  The Sophos Firewall-OS already supports an API which uses, just like the IMPORT/EXPORT feature, an XML structure for setting configuration. Now I have to if possible create a script to find configuration components and convert the structure to match the XML structure for the Sophos Firewall-OS. Other vendors support configuration exports in XML format or other kind of readable format.

                                  Such a tool would make it easier to migrate a customer to the Sophos Firewall-OS, making the choice for…

                                  6 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Allow access to google hangouts

                                    Allow access to google hangouts

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Edit/Delete default IPS rules

                                      XG comes with IPS built-in rules and cannot be customized or deleted. At least allow us to customize them in order to add/remove Signature.
                                      I always like to keep the Appliance as clean and light possible and I would like to delete default IPS rules too.

                                      12 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow IP List to be added to IP Host Group

                                        You can add an IP range or IP subnet to an IP host group but not an IP list.

                                        10 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Filter firewall rules for zones

                                          Filter firewall rules for zones. We can filter it, but the filter is gone if you change the menu. The best solution for me was the Cyberoam layout, with the rules separated by zone. If not possible, please make possible to make the filter stay there even if we log out of firewal..

                                          19 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.