XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Azure Native Backup for recovery

    Ability to use Azure Recovery Services to run backups of the appliance so that recovery time can be reduced.

    8 votes
    1 comment  ·  Base System + General UI
  2. Transparent Subnet Configuration

    It would be great if Sophos XG would allow you to create a transparent interface like SonicWall does. https://support.sonicwall.com/kb/sw5979. Sophos currently only supports using a bridge interface or proxy ARP to achieve this, which is not as easy or clean as SonicWall's method.

    https://community.sophos.com/kb/en-us/123524
    https://community.sophos.com/kb/en-us/123525

    6 votes
    0 comments  ·  Network Protection
  3. Pharming protection - Exception possibility

    It's not possible to create an exception on Pharming protection (Web --> Protection --> Advanced Settings).
    The function, enabled by default, lets you "Protect users against pharming and other domain name poisoning attacks by repeating DNS lookups before connecting."

    We were unable to get a vpn tool called "SSL network extender" working (to support a customer). The solution was to disable the Pharming protection completely.

    49 votes
    7 comments  ·  Web Protection
  4. Device inventory

    I suggest a view of devices on the network, divided by operating system and showing the essential information such as host name, IP and MAC address, and which interface they are connected to.

    36 votes
    0 comments  ·  Network Protection
  5. Increase the limitation of maximum thinclients

    Please increase the limitation of 64 maximum thinclients, as some customers have more than 64 Citrix servers.
    256 would be a good number.

    12 votes
    4 comments  ·  Network Protection
  6. Add option for hostname in quarantine digest report

    Option to use a hostname for the quarantine digest report instead of the IP address it uses now.

    37 votes
    4 comments  ·  Email Protection
  7. SSL VPN - Disconnect User

    Actually, if I click the button to disconnect a Live SSL VPN User (from XG Admin Panel) the firewall sends Connection Soft Reset to the VPN Client, but after a few seconds the client re-connects.

    It would be nice to disconnect the user (at least until it does another login with VPN Client) maybe also sending him a popup message.

    13 votes
    0 comments  ·  Network Protection
  8. Allow selection of CA Certificate to enroll SSL VPN User's certificate

    It would be great to allow selection of the CA Intermediate certificate used to enroll SSL VPN Users' Certificates (as is already done for Web Scanning).

    9 votes
    0 comments  ·  Network Protection
  9. Allow text for WhatsApp but not images, video or audio

    Customer would like to allow text for WhatsApp but block the download & upload of images, video & audio.

    8 votes
    1 comment  ·  Application Detection Requests
  10. IPSec - 4096 Bit RSA Key

    Please add 4096 Bit RSA Keys for IPSec VPN like UTM 9

    14 votes
    0 comments  ·  Network Protection
  11. OTP: SMS

    Please allow an SMS provider & custom SMS URL as a way to retrieve the OTP code for users.

    14 votes
    0 comments  ·  Base System + General UI
  12. 4096 bits SSL VPN Encryption

    4096 bits SSL VPN Encryption is currently very common on many appliances but not on Sophos XG. Could you please add this level of encryption to the XG?

    27 votes
    0 comments  ·  Network Protection
  13. Upgrade Cyberoam to Sophos and lost features

    In Cyberoam, we could go to firewall rules and in one view could see all the rules, what the source and destination restrictions were.

    With Sophos O/S we now have to go in and edit each rule, one-by-one, just to see what the settings are.

    In addition, on a 24" monitor, we can only see 9 rules per screen on Sophos, as opposed to Cyberoam where you can see 32 rules per screen. On a device that has 30-40 firewall rules, navigation on Sophos O/S is an absolute disaster.

    Please bring back the old GUI, or AT LEAST allow it…

    9 votes
    4 comments  ·  Base System + General UI

    We are making some layout improvements to better support larger rulesets. We won’t copy the CR UI in XG, but we will make a number of improvements in v17 to make working with large rulesets better. Some of that will be improving the layout and use of vertical space.

    Our priorities in v15 and v16 were to reduce the need to scroll horizontally in as many cases as possible, and then to make the rules themselves more powerful, allowing for excessive numbers of similar rules to be consolidated into many fewer rules. This is largely successful, and we are now focusing on improving the display efficiency, to allow more rules visible on the screen at once, ability to group and hide related rules, making the display shown per rule more efficient, and other improvements to make working with larger rulesets easier.

  14. Change "From" name and add subject prefix

    Right now email alerts can be set with a from email address but says "Sophos" as the from name. Would be nice to change this to another name like the device hostname instead.

    Also, would be nice to add a subject prefix like [Sophos] or [Hostname] to add some detail.

    We have over 10 units and we have no way of knowing which device is affected until we open the email.

    6 votes
    0 comments  ·  Base System + General UI
  15. System: Disable services

    Please allow for an option to disable certain services the XG offers, such as:
    - Disable HA when (if not configured)
    - Disable Wireless Protection
    - etc.

    Would be neat if these options wouldn't show in the GUI anymore & do not count toward health status.

    37 votes
    0 comments  ·  Base System + General UI
  16. Allow RIP to be disabled

    Please allow for an option to disable RIP.

    5 votes
    0 comments  ·  Base System + General UI
  17. WEB: restrict proxy access between internal subnets

    Currently the web proxy allows you to access anything the Sophos can access. This means that if you have multiple segments of trusted and untrusted traffic on the same XG, both the trusted and untrusted devices can access the content of each network using the proxy.

    Please make an option where hosts and subnets can be denied for specific filter rules.

    3 votes
    0 comments  ·  Web Protection
  18. WAF: HTTP to HTTPS redirection

    If a webserver runs HTTPS, allow for the option to forward HTTP traffic on the same FQDN to HTTPS. This is already possible on UTM9.

    27 votes
    2 comments  ·  Webserver Protection
  19. WAF: IPv6 support

    Allow IPv6 (and IPv4) for WAF

    18 votes
    0 comments  ·  Webserver Protection
  20. Objects: Add default objects like in UTM9

    Add objects such as Any-IPv4, Internet IPv4, Internet IPv6 etc.

    7 votes
    0 comments  ·  Base System + General UI