XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add hostname in email notifications

    When receiving notifications for multiple XG appliances there is no clue in the mail about which appliance it is coming from ...
    Is it possible to just add the appliance hostname in subject, just lige UTM SG do ...
    Actually the only way is to set a per-device (not really existing) sender email address and that is not a good practice nor very convenient

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Create group with LDAP custom attribute

    UTM 9 is easier to create a group based on LDAP attribute. In XG via Configure> Authentication> Group> Add Members we did not find it

    https://community.sophos.com/products/xg-firewall/f/authentication/87458/create-group-with-ldap-custom-attribute

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sending only 1 quarantine report to user

    Currently the quarantine digest sends a report to very e-mail adres that is configured as a user.

    When user1 had 1 email address it gets 1 report
    When user2 has 3 email addresses it gets 3 quarantine reports these other two are duplicates, so only need to be send once.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Auto Login Normal User By Mac Address

    When i create user for ex test i give it mac address of a computer when his computer turn on >> automatically login to fire wall by his mac to test account ... like cleintless by ip address but here by mac address and normal user

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. POP3/IMAP-Increase email scan limit

    Please increase POP3/IMAP email scan size limit from 10 MB to at least 50 MB as for SMTP. It is not acceptable to have security only until 10 MB. Denying is also no option, if you want to keep your business communication going.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add option to application rules for automatic email alerts.

    When configuring an application policy rule, I would like an option to have email alerts sent to the configured address if the programs in that rule are detected.
    Also, the option to configure the text of the alerts would be nice, with {user} for the Username of the application and {app} for the application in use.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  7. schedule time for the Business Rules Applications

    Set the schedule for the Business Rules Applications rules would be an important thing to enter.
    Thanks
    Carlo

    39 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. ssh port forwarding (ssh -D -L -R)

    like Sophos SG, is usefull that admin be able to use ssh port forwarding, but in sophos XG this feautirs is not implemented in ssh protocol

    see ssh command line options for more details:
    ssh -D
    ssh -L
    ssh -R

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Acknowledgement for the changes made on warnings

    Hello Team,

    I have a customer here requesting to have acknowledgement for the changes made on warnings on XG or update the time stamp every time changes has been made on the warnings

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Time-Based Web Bandwidth Usage Reporting

    I would like to see time based (not by dates alone but by time - like 7:00pm to 7:00am) web usage reporting sorted by nodes, network or firewall rules.

    I'd like to see this as a drill down of the web usage activity reports.

    41 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  11. Multipath rules and same wieghting as SG

    There is no ability on the XG to place Multipath rules or set the weight of an internet line to 0.

    For example on the SG you can set a weight as 0 and then create a multipath rule to route certain traffic out via different gateways, and if that gateway goes down it automatically routes traffic out of the next.

    This is a basic feature of any firewall.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. dynamic dns

    It would be nice, to have again a switch, as it is in UTM, to disable or enable the entry.
    This way you can not prepare host names and switch them on, when you want' to go live with them.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  13. Can XG firewall user authentication be added to Sophos enpoint client?

    Sophos endpoint client already has users information. Why not have that info shared directly so authentication does not need multiple configuration points.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add more applications for various XBOX, PS4 &other video games

    Many online games are detected (incorrectly) as various tunnels/proxies or P2P applications. more work needs to be done to detect games such as
    GTA5
    Elder Scrolls Online
    Rainbow Six:Siege
    etc.
    This will allow us to use the application filter to allow games from our residential network while still blocking malicious & unpermitted applications.
    Thank You

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Detection Requests  ·  Flag idea as inappropriate…  ·  Admin →
  15. SPX Portal on port 443 in stead of 8094

    It is only possible to use ports between 1025 and 65535 for the spx portal. Receipients behind a firewall which block non standard ports will not be able to choose a password for encryption. I know port 443 is being used for the user portal so it will conflict so maybe use an alias for both. Just like the ssl vpn port not able to use port 443 is a major flaw in this product.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Field Mapping Between Firewall & Active Directory

    For all the users fetched from active directory on to the firewall, the firewall admin should be able to mapping active directory field to the username fields on the firewall.

    Please check this thread from Sophos Community for more Information.

    https://community.sophos.com/products/xg-firewall/f/logging-and-reporting/86524/override-username-field-on-the-firewall-with-some-other-field-on-active-directory---report-shows-emp-id-instead-of-username-xg-sso/320495#320495

    Hope to see it soon in SFOS

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. QoS by Policy optional in Authenticated access

    Today it's not possible to create more than one rule for authenticated users that specify different QoS policies.

    When a rule is marked to match authenticated users, the QoS policy selection is disabled as it is inherited from the user/group.

    Instead, the system should allow the administrator to define if the user default policy or a stand-alone QoS policy will be applied to the access.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Update Maxmind GeoIP Database

    Would be great to be able to update the GeoIP Database used for country based firewall policies.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Mac based authentication

    Give option to restrict a user accessing internet from specific MAC address only. Current in 16.05 there is option shown in Authentication > Users > Details, but it doe **** work.
    Sophos support says, such a feature is not available. Please bring the feature back.

    Summary: Restrict a user from a particular MAC address. User should able to login to internet/UTM from this MAC address only

    57 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Excempt Specific Applications from Traffic Quota

    Allow us to 'exclude' certain applications which may not be able to be configured on an IP/port basis, from the Quota functionality.
    E.g Skype, Viber, Skype4Business, Office365

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.