XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. show all objects of a category on one page

    Whereever I have a list of objects (IP Hosts, Services, ...) it is been listed batched with 20 objects per page.

    It would be good to be able to have all objects on one single page in order to be able to scroll through all of them (and even better, if this setting could be persistent ;-) ).

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Disable Columns for syslog

    When I send the logs to syslog-server, I get all the columns into the log.

    Since I don't use some functions, which generate only columns with empty values, I would prefer, beeing able to disable some columns, so they are not been sent to syslog at all: Logfile would be much more readable - thank you!

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sort objects in Dropdown by name

    I have some 200 Objects, from which I choose the right one(s) in the firewall policy. It is annoying to look for specific objects and always having to filter them is not really time-saving.

    Could you please sort the object within a dropdown by name? So I can just scroll inside the dropdown to the object, I need - thank you

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Negate Objects in the Firewall Policy

    In the Firewall Policies, I miss a feature to negate an object inside a rule.

    So for example I could define in a single rule: Whole of Zone LAN is allowed as destination, but not the objext "Server xy"...
    Or Any Service is allowed, but not SQL

    In the policy change view, I have two action-icons: One for editing and one for removing it. A third Icon of negating would make the UI-part (and the object then could be seen as striked through or similar...).

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Management Pack for MS Operations Manager

    It would be great to have a management pack for SCOM for the XG line!

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  6. Dedicated Management IP

    I wish that access to Webadmin can be restricted only to Management IP which should be different from the LAN interface IP.
    Currently, if I setup an IP on the Management port, I can access Webadmin via both LAN interface IP and Management port IP. If I disable the HTTPS on LAN interface, it also disable HTTPS access to Management port, which means the Management port is totally useless.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Accurate and Instantaneous reporting of connection throughput

    We've had some users and services saturate our internet connection. Presently it is very difficult to determine in real time who is using how much internet. Bandwidth on the dashboard is inaccurate when reported per user or IP. usually very understated. Diagnostics > connection list is unsortable, and doesnt show traffic in Kbit/sec instead it's total bytes or total packets. Network > wan link manager > graphs are only updated once every 2 hours. Current activities > live connections is delayed and understated.

    No where can we get a list of traffic that adds up to teh bandwidth graph of…

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. Driver problem compatibility sheet

    The Sophos XG 201 recently purchased has the network driver manufacturer intel i40e version 1.1.23 dated 2014-11-03 more that 3 years old. Please update this to the driver intel manufacturer i40e 2.0.23 dated 2017-04-12.
    The issue is that oue twiaxial wire connection is set in the sophos as unrecognized is a DEM-CB100S Dlink manufacturer and sophos set it to as I said unrecognized

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable to configure multiple VPN Zones

    All of the zones of the VPN of the connection destination are the same and different policies can not be written.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. IPv6 MLD2

    IPv6 MLD2 support

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow option to ignore RADIUS Logoff

    The ability to ignore Logoff requests issued by RADIUS accounting - similar to the feature found in STAS. This is because many wifi providers issue STOP frames as devices roam to RADIUS Accounting, which can cause temporary internet disconnections when roaming.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. User Portal login automatically launches VPN client

    Can a feature/checkbox be added to auto-launch the VPN client upon successful authentication to the User Portal? This would simplify the user experience so they only have to login via a web-browser and not actually start a client first. Sonicwall can do this with NetExtender and simple check-box "Launch VPN Client after login".

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Anti-portscan

    XG does not have a anti-portscan feature. Please vote it!

    399 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    45 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. XG Client for Chromebooks

    It would be really nice to have a chrome extension for the XG firewall to identify a Chrome user using a Chromebook. This way we could identify user or Group to use certain rule sets. This would also be great reporting purposes.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Application-Traffic Shaping based on percentage of WAN bandwidth available

    Allowing to set application bandwidth based on the percentage of the WAN bandwidth available will make enable copying configs from firewalls with different total WAN bandwidth. Moreover will make it a less hassle to upgrade or downgrade WAN bandwidth in the future. This feature would greatly enhance the settings for MSPs or vendors who send out pre-configured firewalls.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  16. Smtp malware scanning support with user / network policy

    Smtp malware scanning support with add user/network policy

    Not scan smtp malware with user / network policy.
    I want this function to be supported

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Match DHCP leases with RADIUS accounting messages

    For Sophos XG:
    Routers like OpenWRT do not know the IP address when a client connects and can only report the MAC to the firewall. If this firewall is also serving as a DHCP, it can match the MACs ( from accounting message and IP lease) and thus, the Framed-IP-Address attribute is not required any more.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. WPAD

    Couldn't find it previously suggested, so want to throw this in the mix. It would be awesome if we could host WPAD file locally on the XG unit. If I missed it in the documentation I'd appreciate if someone corrected me.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. hotspot voucher creation with starting validity

    It would be useful to be able to create hotspot vouchers with starting and ending validity , and also to schedule the creation of them

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Non-Sophos WNIC Support

    Some core functionality for other wireless chipsets should be provided, even if it isn't "guaranteed perfect".

    For example, ath9k (Atheros) drivers ship with XG, but cannot be loaded because of a version conflict with a dependency. Atheros chipsets are the most compatible with other linux, and considered to be "100%". The code is all there, and being used in production by other manufacturers.

    Sophos XG Home isn't usable in my circumstance because it doesn't support common wireless chipsets, which is needed in my home. Purchasing a Sophos wireless appliance is possible for my company, but not for me at home!

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.