XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Driver problem compatibility sheet

    The Sophos XG 201 recently purchased has the network driver manufacturer intel i40e version 1.1.23 dated 2014-11-03 more that 3 years old. Please update this to the driver intel manufacturer i40e 2.0.23 dated 2017-04-12.
    The issue is that oue twiaxial wire connection is set in the sophos as unrecognized is a DEM-CB100S Dlink manufacturer and sophos set it to as I said unrecognized

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable to configure multiple VPN Zones

    All of the zones of the VPN of the connection destination are the same and different policies can not be written.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. IPv6 MLD2

    IPv6 MLD2 support

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow option to ignore RADIUS Logoff

    The ability to ignore Logoff requests issued by RADIUS accounting - similar to the feature found in STAS. This is because many wifi providers issue STOP frames as devices roam to RADIUS Accounting, which can cause temporary internet disconnections when roaming.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. User Portal login automatically launches VPN client

    Can a feature/checkbox be added to auto-launch the VPN client upon successful authentication to the User Portal? This would simplify the user experience so they only have to login via a web-browser and not actually start a client first. Sonicwall can do this with NetExtender and simple check-box "Launch VPN Client after login".

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Anti-portscan

    XG does not have a anti-portscan feature. Please vote it!

    387 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    42 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. XG Client for Chromebooks

    It would be really nice to have a chrome extension for the XG firewall to identify a Chrome user using a Chromebook. This way we could identify user or Group to use certain rule sets. This would also be great reporting purposes.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Application-Traffic Shaping based on percentage of WAN bandwidth available

    Allowing to set application bandwidth based on the percentage of the WAN bandwidth available will make enable copying configs from firewalls with different total WAN bandwidth. Moreover will make it a less hassle to upgrade or downgrade WAN bandwidth in the future. This feature would greatly enhance the settings for MSPs or vendors who send out pre-configured firewalls.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  9. Smtp malware scanning support with user / network policy

    Smtp malware scanning support with add user/network policy

    Not scan smtp malware with user / network policy.
    I want this function to be supported

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Match DHCP leases with RADIUS accounting messages

    For Sophos XG:
    Routers like OpenWRT do not know the IP address when a client connects and can only report the MAC to the firewall. If this firewall is also serving as a DHCP, it can match the MACs ( from accounting message and IP lease) and thus, the Framed-IP-Address attribute is not required any more.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. WPAD

    Couldn't find it previously suggested, so want to throw this in the mix. It would be awesome if we could host WPAD file locally on the XG unit. If I missed it in the documentation I'd appreciate if someone corrected me.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. hotspot voucher creation with starting validity

    It would be useful to be able to create hotspot vouchers with starting and ending validity , and also to schedule the creation of them

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Non-Sophos WNIC Support

    Some core functionality for other wireless chipsets should be provided, even if it isn't "guaranteed perfect".

    For example, ath9k (Atheros) drivers ship with XG, but cannot be loaded because of a version conflict with a dependency. Atheros chipsets are the most compatible with other linux, and considered to be "100%". The code is all there, and being used in production by other manufacturers.

    Sophos XG Home isn't usable in my circumstance because it doesn't support common wireless chipsets, which is needed in my home. Purchasing a Sophos wireless appliance is possible for my company, but not for me at home!

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Serial interface for Installer

    Installer should support serial interface. It's already text-based. XG supports the serial interface once it's installed.

    Lots of hardware doesn't have a GPU, such as many AMD G-series, and requires a painful hack to install it - such as using alternative hardware and hot-swapping memory, or doing a "blind install", copying keypresses from a virtualized installer. This should be a trivial improvement that would make installation 100x better!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Simplify DHCP Configuration

    It would be great if the DHCP configuration could be simplified.

    1/ Make static IP from an assigned IP would be great.
    2/ It would be nice to have a single DHCP pool with exceptions/exclusions/static assignments within that pool or outside that pool.

    References:
    https://serverfault.com/questions/768655/how-dhcpd-handles-static-ips-vs-dhcp-reservations
    https://linux.die.net/man/5/dhcpd.conf

    68 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Guest access menu on captive portal

    Please add guest access menu on captive portal like UTM 9

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Captive Portal Session Timeout

    Bring back the captive portal session timeout like UTM 9, in XG if closing the window after login is the same as logout.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Outlook add-in for Email Protection

    Please can we have an Outlook add-in which will allow users to blacklist with a single click.

    I love the daily digest which allows users to release false positives but there seems to be no function for undetected spam which makes it through.

    Thanks

    50 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Source devices in firewall rule

    It would be better adding if there are operating systems and device types maybe device brands in source networks and device when creating a firewall rule.

    For example;

    LAN
    Source Networks and Devices : IOS,ANDROID, (LINUX,WINDOWS.. etc.) (Maybe dell,hp,samsung,sony, apple, asus.. etc.)

    During Scheduled Time : All the Time
    Destination & Services

    WAN
    Destination Networks : Any
    Services : Any

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Application Specific Signature for Ring Central

    There is no Application Specific Signature for Ring Central, which means we can't apply Application-based Traffic Shaping Policy for it.

    Please add Ring Central as a defined Application.

    See below:
    https://community.ringcentral.com/ringcentral/topics/how-do-i-troubleshooting-call-quality-issues-qos
    https://www.ringcentral.com/support/qos-router.html?_ga=1.41909153.2038724511.1480961611

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Detection Requests  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.