XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. SPX Portal on port 443 instead of 8094

    It is only possible to use ports between 1025 and 65535 for the SPX portal. Recipients behind a firewall that blocks non-standard ports will not be able to choose a password for encryption. I know port 443 is being used for the user portal, so it will conflict, so maybe use an alias for both. Just like the SSL VPN port, not being able to use port 443 is a major flaw in this product.

    39 votes
    10 comments  ·  Email Protection
  2. Field Mapping Between Firewall & Active Directory

    For all the users fetched from Active Directory onto the firewall, the firewall admin should be able to map Active Directory fields to the username fields on the firewall.

    Please check this thread from Sophos Community for more Information.

    https://community.sophos.com/products/xg-firewall/f/logging-and-reporting/86524/override-username-field-on-the-firewall-with-some-other-field-on-active-directory---report-shows-emp-id-instead-of-username-xg-sso/320495#320495

    Hope to see it soon in SFOS

    8 votes
    2 comments  ·  Reporting
  3. Option to use QoS by Policy instead of user/group with Authenticated access

    Today it's not possible to create more than one rule for authenticated users that specify different QoS policies.

    When a rule is marked to match authenticated users, the QoS policy selection is disabled as it is inherited from the user/group.

    Instead, the system should allow the administrator to define if the user default policy or a stand-alone QoS policy will be applied to the access.

    8 votes
    0 comments  ·  Network Protection
  4. MAC based authentication

    Give an option to restrict a user to accessing the internet from a specific MAC address only. Currently in 16.05 there is an option shown in Authentication > Users > Details, but it does not work.
    Sophos support says such a feature is not available. Please bring the feature back.

    Summary: Restrict a user to a particular MAC address. The user should be able to log in to the internet/UTM from this MAC address only.

    74 votes
    12 comments  ·  Network Protection
  5. Exempt Specific Applications from Traffic Quota

    Allow us to 'exclude' certain applications, which may not be able to be configured on an IP/port basis, from the Quota functionality.
    E.g. Skype, Viber, Skype4Business, Office365

    Also, Windows Update and other software updates that may consume quota quickly.

    21 votes
    1 comment  ·  Application Control
  6. Device Type and OS type detection, so can apply rule by it.

    Please, we need to apply rules by device type or OS type.
    Most of our customers ask for it, because it is included on other firewalls.

    97 votes
    17 comments  ·  Network Protection
  7. DNSimple Dynamic DNS Provider

    Please add DNSimple as a Dynamic DNS provider. The link below provides info on their Bash Client as well as APIs if you should choose to bake your own or extend some convenience features into the Web Interface. All that is needed to make this work on an XG is some sort of scheduler (LaunchD/Cron) to run the bash script.

    https://developer.dnsimple.com/tools/

    Bash Script Example Below:

    #!/bin/bash

    TOKEN="your-oauth-token" # The API v2 OAuth token
    ACCOUNT_ID="12345" # Replace with your account ID
    ZONE_ID="yourdomain.com" # The zone ID is the name of the zone (or domain)
    RECORD_ID="1234567" # Replace with the Record ID …

    5 votes
    0 comments  ·  Dynamic DNS Providers
  8. Allow outgoing emails to be signed with DKIM

    Include the possibility of signing outgoing emails using DKIM for all or only selected email domains as in UTM9

    275 votes
    46 comments  ·  Email Protection
  9. User report showing only primary URL visited

    Currently the system cannot report on specific domains - URLs that users have entered into a search engine.

    Need a report that can do this without reporting on ALL the URLs required to make a page work - don't want to see multiples of the same URLs or the extra URLs required to make a page display - only want a list of what users are trying to access.

    12 votes
    0 comments  ·  Reporting
  10. Wireless Site Survey

    I think you can do it on Sophos Cloud, but the ability to upload and mark on a floor plan where all the access points are, and do site surveys.

    25 votes
    1 comment  ·  Wireless Protection
  11. Audio for RDP sessions

    Currently RDP sessions through the User Portal don't offer Audio. This feature would be handy for remote users to be able to playback voicemails, etc.

    12 votes
    1 comment  ·  Base System + General UI
  12. Full screen for RDP sessions

    RDP sessions from the User Portal don't allow you to adjust the screen resolution or go full screen to fit the remote desktop to your screen.

    60 votes
    5 comments  ·  Base System + General UI
  13. IPsec VTI / routable IPsec / routable SSL VPN with abilities to connect to non-Sophos remote

    RED Tunnels are nice only if I can live in a world where every firewall/gateway is made by Sophos. So at least support some standard means to create routable VPN.

    6 votes
    1 comment  ·  VPN and RED
  14. Mixing Wireless Client Traffic Types

    I want to be able to add all my wireless networks to all my access points.
    Currently I cannot mix "Bridge to AP LAN" and "Bridge to VLAN" on the same access point which I could easily do on other wireless systems.

    14 votes
    1 comment  ·  Wireless Protection
  15. TR-069 Provisioning

    Auto-provisioning via TR-069/CWMP protocol to configure WAN IP address, firewall rules, management server, etc.

    https://en.wikipedia.org/wiki/TR-069

    5 votes
    0 comments  ·  Base System + General UI
  16. DHCP option 42 (NTP) use DNS name

    DHCP option 42 (NTP) currently can only take a static IP. Need to use a DNS name as well, so we can use something like pool.ntp.org.

    22 votes
    0 comments  ·  Base System + General UI
  17. NAT64 support

    With an IPv6 WAN interface it's not possible to reach an IPv4 device (IPv6 is not possible for this specific device) over the internet. We need a translation from IPv6 -> IPv4. Business application rules (DNAT, WAF) do not support mixed IPv4/6, only IPv6 for an IPv6 rule and vice versa.

    50 votes
    1 comment  ·  Base System + General UI
  18. Make home license payable but cater to some home user requests

    Perhaps not the most popular suggestion, but I would gladly pay a modest fee (e.g. 50 USD/year to be on par with Untangle) if some user requests could be fulfilled. I think of


    • using the Sophos Home cloud to create integrated reporting

    • the ability to use XG as an OpenVPN client so all traffic is protected

    • the ability to use sandstorm

    Then again: a big thank you for making the software free to use. Based on this policy, I was able to recommend at least 15 small businesses to move to Sophos.

    17 votes
    0 comments  ·  Base System + General UI
  19. XG as OpenVPN client

    The ability for XG to act as an OpenVPN client with the ability to open separate tunnels based on destination country would be great.
    I fully realize this functionality is probably most relevant for - non paying - home users so I ask this with a lot of diffidence.

    27 votes
    4 comments  ·  Network Protection
  20. Support for DNScrypt

    Is it possible to add DNScrypt-support please ? Everything that can be done to make DNS more secure is urgently needed :)

    37 votes
    9 comments  ·  Network Protection