XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. XG as NTP Server

    NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
    Can you add it into future release?

    You can put it inside device access, denying WAN from using NTP server for security reason.

    509 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      30 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    • Force delete object

      At the moment, if you try to remove a object used somewhere (Policy Rule for example) a message appears saying that "the object is already in use." So give us where the object is in use and allow Admins to delete it.
      You can add an extra column with number of times the object has been used and give LINK where the object is used so we can go directly to the place and check if can delete it or not.

      104 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        18 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow Configuration of DHCP Options

        UTM 9 had great DHCP options that you could assing globally or to an individual pool. For people with VoIP deployments this is Huge.

        291 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          13 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
        • WAF: more authentication type

          At the moment there are different type of authentication missing even on UTM9 against ISA server 2006, such as:

          1. Two-factor authentication using forms-based authentication and a client certificate.
          2. Delegation of credentials by using NTLM or Kerberos authentication.
          3. Kerberos constrained delegation.
          4. Secure Sockets Layer (SSL) client certificate constraints

          In this way, XG and UTM9 are the very alternative to ISA Server.

          122 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Automatic Firewall Rule and Group

            At the moment, automatic firewall rule is not available in any option as it was with UTM9. For example when you setup a new site-to-site or vpn. This is very useful and time saving. Also add inside Policy Section "Automatic Firewall Rules view".
            Last, add the chance to create Groups so we are able to group rules together.

            131 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
            • Intergrate Alarm output into RMM tools

              With the new XG firewall with the heartbeat function. Nearly all IT reseller/Partners use RMM tools, these alarms need to be integrated into these tools. (Connect wise, kasya, etc).

              Adding a connector into these tools will do the following:-

              Integrate automatic Ticket generation for alarms and alerts from the Sophos XG platform into the IT billing and Ticket system.
              Stop IT companies having to go and manage multiple web pages and different sites to generate Tickets of work.
              Be a powerful difference between Sophos and other Firewalls sold.
              This should not be very hard to integrate into the Partner Web…

              10 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

              • 343 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  48 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                • Bring RED Tunnels to UTM's and also to Sophos XG

                  I would love to be able to create RED tunnels to other Sophos Firewall XG devices aswell as Sophos UTM's.

                  This was a big disappointment to myself who used RED tunnels between UTM's

                  23 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                  • Improve Signature Policy GUI (IPS/AppCtrl)

                    In the moment it is a mess to select IPS Signatures and Applications in the
                    GUI, which additionally doesn't fit in the browser window very well.
                    Did i mention the (small) scroll bar on the right?

                    Please adjust the IPS and AppCtrl GUI according to best practices.

                    13 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Firmware notification

                      XG looks like Sophos Standard. On Email Virtual Appliance, when I have a new pending firmware to install, I recieve an email saying that a new firmware is available to install and it will be installed at .... (I have automatic upgrade during the night). Inside the email, I have the link to release notes.
                      Please implement this feature to XG too.

                      189 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                      • IKE v2 and dynamic routing

                        IKEv2 and dynamic routing

                        108 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          12 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                        • Create and Manage Multiple ehlo

                          As Enterprise product, XG should be able to manage multiple ehlo to protect multiple email domain behind it. On UTM9 we have profile mode but multiple ehlo was missing too. Add some sort of profile (including ehlo) for multiple domai for one/multiple public IP, such as WAF does with virtual domain.

                          23 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            Planned  ·  1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • default source port when adding new services to "1:65535"

                            Would be nice if the source port was already pre-populated like it was in UTM9

                            209 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                            • Improve the WAN Gateway monitor

                              Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
                              This can help much to prevent false positive gateway status.
                              The same feature could be added on VPN Failover system

                              Best regards,

                              Carlos Cesario

                              143 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                              • Mail notification to multiple recipients

                                Add support to notification component send email to multiple recipients.

                                Currently it is supported only 1 recipient.

                                Best regards,

                                Carlos

                                174 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  14 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                • Add support SNMP service to multiple WAN interfaces

                                  Currently this makes impossible an efficient monitoring of appliances (Copernicus) with multiplpe WAN interfaces.

                                  The SNMP server only works through a unique WAN interface.

                                  Best regards,

                                  Carlos

                                  11 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add support SNMP Community answer to any (0.0.0.0) IP Address

                                    Currently it is needed create one Community to each specific IP address.
                                    It is impossible create two 'Public' communities by example to two different IP address or create a single Community String for any (0.0.0.0) Ip address.

                                    Best regards,

                                    Carlos

                                    26 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Allow interface port to be configured with just vlans

                                      As it is right now you must assign an ip address to an interface and then add vlans. doesn't allow you to just assign vlans.

                                      234 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        21 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Rename objects

                                        Add support to rename Policy rules name, IPSEC and SSL VPN tunnels name, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
                                        This will Improve the management, it must be default to all objects. Currently to fix a simple typo error, we must to create a new policy or category and populate all items again. A simple task can turn into a hard task.

                                        Best regards,

                                        Carlos

                                        228 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Add option to change Appliance SSH port access

                                          Add support to change SSH port access.

                                          Best regards,

                                          Carlos

                                          120 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            7 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.