XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Email addresses should be case insensitive

    When viewing the various dashboards, email addresses should not be split into separate entries if someone used various case (all lower case, all upper case, some lower and some upper case).

    16 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Objects/Rules/Service Bulk Insert

    Now is not possible to do a bulk insert of objects, services and policy. This cold be very useful when you migrate from other vendors or you want to preconfigure a new devices

    16 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Clientless Users assign MAC Address(es)

    Have the option to assign a MAC address to a clientless user instead of an IP address, also have the option to assign multiple MAC addresses to a client for all their devices ie phone, tablet, pc

    54 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Export Configuration in a human-readable format

    At the moment export full configuration is easy with the new option but we need some way to export full configuration or part of it where the config. is full readable as it is possible with UTM.
    This can be used for Passive Analysis too.

    143 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    38 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Ability to change default Admin username

    Currently, the WebAdmin Master-User is fix named as admin. It would be great, if we would have the possibility to change the username. This would be an improvement for brute-force attacks, when the WebGUI is somehow published to the Internet.

    377 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →

    This is being considered. The current intention is to add a superadmin role, making the default admin account just a member of that role.

    This will allow you to create new superadmin accounts, capable of logging into the shell, adding ssh keys, and any other features limited currently to the named admin account.

    Second, you will be able to disable or demote the named admin account.

  6. Improve Backup operation

    At the moment is possible to configure only one method of backup (Local or Email or FTP). I would like to configure 2 ways, such as Local + email, Local + FTP.
    Also no way to only upload configuration inside XG without restore (as it is possible with UTM).
    Once the configuration has been uploaded, I would like to see what has changed from last configuration to current configuration. So the chance to generate a PDF report which lists all differences and details, such as:
    -User A has been added (details)
    -Policy ID has been changed (details)
    - New Traffic…

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Handle exceptions more easily

    Today is quite hard to create simple exceptions. For example: Lets say we have a main user policy that uses a Web filtering policy, a QoS policy, a default routing policy and an App filtering policy.

    Now, lets say we have a user inside this policy that should get a specific web site access that is currently blocked in the web filtering policy. Also, another user needs to get more/less bandwithd than everyone else. Also, a user have to get routed through a specific link and not follow the default route balance. Also, another user must have an application allowed.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow custom Application Filters as well as IPS Custom Signatures

    IPS provides the ability to define custom signatures
    Objects > Content > Custom IPS Patterns
    (http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FAppendixB.html)
    Please add this feature also to the Application List.

    Regards
    Sebastian

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add more pre-defined service objects

    Can the developers add the same service ports that is included on the UTM9 Firewall to the Sophos XG Firewall devices in the future please?

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. On Demand CPU Scaling

    The firewall would be scaling the CPU up/down depending on utilization. Main benefit would be less power usage, and possibly better efficiency.

    Should use CPU technologies available like AMD's Cool'n'Quiet or Intel's SpeedStep

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. SSL VPN client that logs on before Windows

    We need a SSL VPN that can log on before windows. This is required in many environments as it allows GPOs to resolve properly.

    130 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. SSL VPN client for mass deployment

    We need a way to deploy the SSL VPN on mass without logging into the user portal. A standard MSI would be ideal which could be deployed by any ESD or as part of an image.

    87 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. DHCP - Clients via DHCP/DHCPv6 relay agent

    XG Firewall already has the option to serve either as a DHCP server, or as a DHCP relay agent for another DHCP server. However, when using the XG Firewall as the DHCP server, there is no option to serve DHCP clients via a DHCP relay agent (i.e., when another device is serving as the relay agent). As a result, DHCP pools on the XG Firewall can only be configured using address ranges that are contained within the subnet range of the selected interface. This option is available when setting up address pools in UTM9.

    29 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Route based VPN in XG Firewall

    Route based VPN is a very much required feature in XG Firewall. Lot of Cyberoam customers are using this feature, primarily for MPLS to VPN failover using Dynamic Routing. In multi-branch scenario, Sophos cloud is a great solution with Synchronized security. But customers who are using Route based feature are not able to upgrade their Cyberoam devices to SF-OS because of the feature lack.

    109 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow service object creation while creating a service group

    make creation of a service while creating a service group available. Right now I had to create all the desired services. And only after that could I create the group and add the services

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Export-Import Reports and Logging

    For customer that do not use iView, we need a way to export logs and reports before a format is needed for some reason (when no HA is used).
    Also now the license is attached to serial, so imagine a customer need to move to another appliance (bigger or smaller) he will lose all data.
    Inside Administration, there is a Menu "Import/Export). You could add the feature inside there.
    Once exported, reports/logs should be imported again as History or merging with the new data.

    18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Report - Time spent for single Website/URL

    At the moment, there is no reports to know how much time a user spent on a website.
    This kind of report was available on Executive report and Web reports.
    Very useful to undestand how employees spend their time during working hours or custom date/time.

    Please add.

    70 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. Using Sophos Home for Home licence

    The Security Hartbeat uses the commercial version of Sophos cloud services.
    For home licence users it would be nice to have the Sophos home cloud instead of to exchange the Sophos endpoint protection of UTM).

    81 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Common Objects used in all configurations

    Give us objects like in the UTM, Why do i have to set a static ip in the dhcp, add a dns record in the dns server and create a ip host object for firewall rules, when i could do it all with one object in the UTM.. This was for me a really really perfect feature and it makes it all a lot easier to administrate since you don't have to do the same over and over again for different parts of the configuration.

    106 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. SSTP VPN - Native Support

    Microsoft PPTP VPN is using a weak algorithm (MS-CHAP v2 which can be cracked) so you should upgrade to SSTP vpn protocol available from Windows Vista. You could allow users to download certificate from user portal and no more actions are required on client side. Think about whem you need to manage 100 users and you need to manage them, such as udating their client or when they move from once PC to another. In this way, is the client OS that manage the entire overhead and from XG side is another add-on from TMG's competitor.
    The same request has…

    49 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.