I want to be able to add all my wireless networks to all my access points.
Currently I cannot mix "Bridge to AP LAN" and "Bridge to VLAN" on the same access point, which I could easily do on other wireless systems.
14 votes
Auto-provisioning via the TR-069/CWMP protocol to configure WAN IP address, firewall rules, management server, etc.
5 votes
DHCP option 42 (NTP) currently can only take a static IP. We need to be able to use a DNS name as well, so we can use something like pool.ntp.org
22 votes
With an IPv6 WAN interface it's not possible to reach an IPv4 device (IPv6 is not possible for this specific device) over the internet. We need a translation from IPv6 -> IPv4. Business application rules (DNAT, WAF) do not support mixed IPv4/6: only IPv6 for an IPv6 rule and vice versa.
49 votes
Perhaps not the most popular suggestion, but I would gladly pay a modest fee (e.g. 50 USD/year to be on par with Untangle) if some user requests could be fulfilled. I think of:
- using the Sophos Home cloud to create integrated reporting
- the ability to use XG as an OpenVPN client so all traffic is protected
- the ability to use Sandstorm
Then again: a big thank you for making the software free to use. Based on this policy, I was able to recommend at least 15 small businesses to move to Sophos.
17 votes
The ability for XG to act as an OpenVPN client with the ability to open separate tunnels based on destination country would be great.
I fully realize this functionality is probably most relevant for (non-paying) home users, so I ask this with a lot of diffidence.
27 votes
Is it possible to add DNSCrypt support, please? Everything that can be done to make DNS more secure is urgently needed :)
36 votes
In Singapore the IPTV services require DHCP Option 60 to be a specific string before the DHCP server assigns an IP address.
An option to send a DHCP Option 60 together with the DHCP Discover packet would be great to have, to enable the XG Firewall to get an IP address from the ISP's DHCP for IPTV.
31 votes
Hi team, I noticed that Sophos VPN uses a weak handshake for remote users despite high settings on SSL VPN crypto.
Currently it uses: SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
3DES-EDE is known to be weak.
I think this is a serious problem for such a nice firewall.
Forum post: https://community.sophos.com/products/xg-firewall/f/vpn/84727/sophos-xg-ssl-vpn-remote-use-weaker-handshake-than-specified-and-udp-failed-to-connect/
40 votes
IETF standard. Used by real-time comms on webpages.
DESPERATELY needed. HTTPS Decrypt and Scan basically kills it. Please fix!
52 votes
The HotSpot feature lacks logging capabilities.
For example, it would be great to automatically map and log the voucher code with the IP address of the user that was using it and create reports based on this.
Without this it's impossible to audit what traffic was generated by that user.
Lukasz Naumowicz
60 votes
The new MTA SMTP deployment mode in SFOS v16 lacks the ability to bypass a (or some) sender/recipient from all email protections. At the moment, we can only create an SMTP policy to bypass a destination email domain from email protections, and it is not practical in most situations.
However, in the Legacy SMTP deployment mode, we can create an SMTP scanning policy to bypass certain senders/recipients from all email protections.
It would be great if MTA mode could be implemented with the feature of bypassing certain senders/recipients from email protections.
134 votes
Is there a way to check the real-time bandwidth usage for firewall rules?
So the user can distinguish which rule used the most bandwidth and set the proper QoS for it.
Provide a JSON API rather than XML. Since the backend config services use JSON, I'm surprised this wasn't done from the beginning.
26 votes
The download page for authentication clients (System -> Authentication -> Authentication Clients) should display the version that is currently available on the download site to allow for easier comparison to currently deployed client versions.
5 votes
Please provide the option in the reverse proxy to enable encodedslashes for a specific virtual webserver.
Some web applications use, for example, %2F for a slash, and the reverse proxy cannot translate this back to / because allowencodedslashes is not enabled by default. So this results in a 404 error.
This is essential for web applications like SAP Fiori! I think we are not the only company that has this issue.
25 votes
It would be very nice to have the ability to make the routing decision based on the Web Category (Applications too) within the web policy (or apps filter), for example, so we can use the main WAN or GW for business-related and productive categories and apps, and all the rest goes through the secondary WAN connection usually used for backup. It could also be blocked if the primary WAN or GW is down, so the backup WAN or GW gets used for the business traffic.
76 votes
Currently XG is still using version 1.3 of the Outlook plug-in, which does not support Outlook 2016. Can you please update the plugin/add-in on the XG User portal?
22 votes
The Sophos XG firewalls should be able to detect rogue access points with APs connected, the same way the models with built-in wireless do.
62 votes
Hey Guys, are there any plans for new RED Devices? Maybe a VPN throughput about 1000 MBit/s.