XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Make it possible everywhere to use nested groups

    It takes much less administration when nested groups are supported. Now I have to add all objects individually to the groups, and when an object needs to be removed I need to remove it from ALL the groups.

    10 votes
    0 comments  ·  Base System + General UI
  2. User Portal / SSL VPN Portal

    Unlike Cyberoam, SSL VPN and User Portal are now combined here in Sophos XG. There are issues for our clients regarding this for security purposes. We, Netplay Inc., are requesting that at least an administrator of the GUI be able to modify or edit what users can see in the current user portal we have.

    Example: After a user logs on to their account, SSL VPN is the only thing visible.

    40 votes
    3 comments  ·  Base System + General UI
  3. Please add ability to associate an IPSec profile to Cisco IPSec VPN Client configuration

    The current configuration page for System->VPN->CISCO VPN Client does not have the option to associate an IPSec profile containing settings. Over time the standard has changed to use different Diffie-Hellman (DH) group 14 and group 5 with different phase 1/phase 2 algorithms. The current setting does not work with OS X 10.11.4 and above or later releases of CISCO IPSec VPN clients (unless you downgrade the client encryption settings).

    3 votes
    0 comments  ·  Base System + General UI
  4. Allow IP Host Groups to be added to IP Host Groups

    Allow IP Host Groups to be added to IP Host Groups.

    I am migrating a SonicWALL configuration to a Sophos Firewall and am running into the issue that the SonicWALL supports nested groups and the Sophos Firewall does not. Since I am using the API to script the configuration conversion and push the configuration, it's quite a big slowdown to have to do it manually afterwards.

    5 votes
    0 comments  ·  Base System + General UI
  5. Report Format

    Hi,

    We should add parameters in the user-wise report and domain-wise report.
    E.g. we need one report which has the following parameters:

    Top 10 Users; Top 10 websites/web domains accessed by each; data transferred on each website and time spent on each website.

    This report then can be scheduled on daily basis.
    E.g.2 - Right now we have Executive User Report. Similar to this we should have Executive WebDomain Report with "top10" in each of them.

    Thanks,
    Jeevan
    HTPL

    6 votes
    2 comments  ·  Reporting
  6. Identify Apple FaceTime application

    The XG doesn't correctly identify Apple FaceTime traffic. It instead just lists it as "Other Applications." Until it is identified, I'm limited in how to apply rules to it, such as bandwidth constraints, or to block it altogether for some users.

    14 votes
    1 comment  ·  Application Detection Requests
  7. Quarantine of filtered E-Mail Attachments by Scanning Rule

    When an E-Mail attachment is filtered by an SMTP/S Malware Scanning Rule, the message (with attachment) should be moved into the quarantine. It's easier to release it than to contact the sender to deliver the file via FTP server etc.

    17 votes
    1 comment  ·  Email Protection
  8. Update AV Definition at least every day

    Sometimes a new AV update is released after 3 or 4 days, why? It is a firewall and it should be up to date for new threats every day.
    Thanks.

    11 votes
    7 comments  ·  Base System + General UI
  9. Wildcard search within Network Rules

    If I go to IP Host and filter by "Port", I see everything containing that keyword. However, if I go to edit a Network Rule in Policies and type in "Port" in the Networks search box, I get no results. In the Networks search box I seem to be unable to find anything unless I know the beginning name of the network I wish to search for. In this case, I have to enter "#Port." IMHO it would be better if the search term was treated as an "include" type match versus a "begins with" search.

    19 votes
    3 comments  ·  Base System + General UI
  10. WAN without gateway

    Earlier on SG, we used to have options to check if gateway is available on any interface but on XG it is compulsory to keep gateway on WAN which is quite annoying while having L2 links connecting its numbers of offices where I need IPsec VPN.

    22 votes
    1 comment  ·  Network Protection
  11. DSCP on Business Application Rule

    DSCP is a new feature but can only be used on User/Network rules. I would like to see DSCP on BAR as well in order to better manage multiple ISPs.
    Cyberoam has this feature.
    Thanks.

    13 votes
    0 comments  ·  Webserver Protection
  12. Service

    In the Services, I can't see if I have a port/service defined.
    So either make port numbers searchable (now it's only the name)
    or display all services on one page, so I can search.

    3 votes
    1 comment  ·  Base System + General UI
  13. Ability to archive Daily, Weekly, Monthly reports

    As on the UTM, the ability to archive/download Daily, Weekly, Monthly reports. What a "novel" idea.

    15 votes
    0 comments  ·  Reporting
  14. Website/XG web gui font/colors very hard to read

    The light blue on White and gray on white text is very hard to read, and the weird blocky semi-serif font used on the XG (and the cloud site) doesn't help matters. There's entirely too much white space on all pages in the UI in general, leading to more eye strain. Can we get some kind of Dark theme, or at least Bolder/higher contrast fonts?

    The font/color scheme on the UTM is way more readable.

    2 votes
    0 comments  ·  Base System + General UI
  15. Monthly Reports - Scheduling Missing

    Scheduling Monthly Reports is not possible. On UTM this was a basic feature. They can be used to review the trend month by month.
    Strange to request such a basic feature.

    63 votes
    8 comments  ·  Reporting
  16. WAF Virtual Patching and Brute Force Attack

    Other UTM/WAF vendors integrate virtual patching features in their products. A real brute force protection is missing on WAF too.
    Please add it.

    31 votes
    2 comments  ·  Webserver Protection
  17. Allow overlap in subnets between source and destination in IPSec Config

    Our corporate WAN encompasses a large subnet globally. In UTM 9 and prior, it was possible to define an entire destination subnet in the IPSec configuration that overlapped with the source subnet. The system was able to understand where the subnets were and how to route appropriately. Unfortunately this is not possible in XG and as such, if I want to allow access to the entire subnet (in the case of this overlap), I must define ranges which is far far too cumbersome.

    A simple example would be a subnet defined as 10.0.0.0/8. We could have a remote LAN behind…

    2 votes
    3 comments  ·  Base System + General UI
  18. Let's Encrypt Integration

    It would be very nice if Let's Encrypt certificates (letsencrypt.org) could be generated directly from the XG GUI, so that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
    Best Regards

    456 votes
    35 comments  ·  Webserver Protection
  19. Adding feature to configure an IP range or CIDR as allowable for Radius accounting requests

    A customer has a Meraki wireless network, and basically each WAP processes the request and then would need to forward the accounting request to the Sophos firewall. So without using an IP range or CIDR they need to enter 150 IPs individually.

    If an IP range or CIDR option is available, then it will let them do Radius accounting on the wireless network without having to put in 150+ Radius clients.

    5 votes
    1 comment  ·  Wireless Protection
  20. Thermal sensors and fan speed

    Hi

    Some sort of hardware status feedback would be very nice. Most important would be CPU and mainboard temperature, however fan speed would also be nice.

    104 votes
    1 comment  ·  Base System + General UI