XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Hallo, bei einem Anwender hatten wir einen Fehler der unseren Support 155 beschäftigt hat.

    unter
    http://wiki.sepsoftware.com/wiki/index.php/Release_Notes_4.4.3#Known_issues_and_limitations
    Known issues and limitations

    Note
    Antivirus programs may disrupt network communication and cause SEP sesam processes, such as backup and replication, to fail. One program that is known to cause SEP sesam processes to terminate is Sophos Firewall with IPS (Intrusion Prevention System) enabled. Make sure that there are no antivirus, firewall, IDS or IPS programs preventing interaction with SEP sesam.

    Dito unter
    http://wiki.sepsoftware.com/wiki/index.php/Replication#Prerequisites

    Gruß

    Ewald Einwanger

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Admin login notification in email

    when some one login with admin account then only log is created. it should be some email alert mechanism. if someone try to guess admin password from LAN or WAN then real administration should get an alert that someone is trying to access applciance with IP address. Bcoz this is a firewall so all alerts should be there

    33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow changes to syslog format for easier reporting in 3rd party logging tools

    The "syslog" format is not very sysloggy.for example some fields are quoted, some are not, blank values are included but not quoted making it unnecessarily difficult to parse. permitted. Be nice to be able to specify custom formats to avoid messing about with, for example, logstash filters.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  4. http/2 support

    our customers are asking for the http/2 Support for there webservers, please add the http/2 Support to the WAF - Webserverprotection

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. it is strange that we can't monitor auxiliary appliance via SNMP.

    it is strange that we can't monitor auxiliary appliance via SNMP , when we are in HA mode Actif/actif , we can't monitor auxiliary appliance !!!

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow access to webadmin by an AD group

    It's not possible to choose single AD Group imported by authentication server to access to webadmin

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. DNS support for SRV Records

    Add support for SRV records in XG's DNS service according RFC 2782. This would enhance XG's ability to operate in Windows environments; i.e., support Active Directory.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Maintain firewall filtering

    If you filter firewall rules, then edit a rule, the filtering is lost and you have to re-apply the filter. This is a nightmare when you need to update 10 different firewall rules. Filtering should be maintained until it is cleared.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Google Apps based User Authentication via SAML

    Hello, we currently use Google Apps for user management. For many apps, we use SAML to talk to Google Apps for user authentication.

    In small environments where Active Directory is not in place, it would be great to have SAML/SSO via Google.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Load Backup instead Basic Setup

    Could be a good option if when perform the initial wizard setup, instead need to config Basic Settings you can load a previously taken Backup. This could be useful when you have just flashed the device.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Consolidate Setup Wizards in single menu

    As it stands there are two Setup Wizards in XG that I've used. One is the initial setup under Admin (top right corner) > Wizard and the other is for VPN under VPN > IPSec > Wizard.

    If possible it would be good to have these consolidated into a single Setup Wizard menu located under the Admin dropdown in the right corner. This way as more setup wizards are added like for Firewall rules, SSLVPN, or other task they can all be accessed via one central location.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. vpn

    When an XG firewall is connected to another firewall via VPN, the XG firewall cannot route traffic to the remote protected network by default. Instead, you have to set up a special route and SNAT using the console in order for it to work and you are apparently required to specify hosts rather than whole networks when setting up the route (see https://community.sophos.com/kb/en-us/123334).

    The UTM9 firewall can route traffic through the VPN tunnel by default. I can't believe this problem is a "feature" in XG. Adding extra steps to make something work less well than something that just automatically…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add hostname in email notifications

    When receiving notifications for multiple XG appliances there is no clue in the mail about which appliance it is coming from ...
    Is it possible to just add the appliance hostname in subject, just lige UTM SG do ...
    Actually the only way is to set a per-device (not really existing) sender email address and that is not a good practice nor very convenient

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Create group with LDAP custom attribute

    UTM 9 is easier to create a group based on LDAP attribute. In XG via Configure> Authentication> Group> Add Members we did not find it

    https://community.sophos.com/products/xg-firewall/f/authentication/87458/create-group-with-ldap-custom-attribute

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Sending only 1 quarantine report to user

    Currently the quarantine digest sends a report to very e-mail adres that is configured as a user.

    When user1 had 1 email address it gets 1 report
    When user2 has 3 email addresses it gets 3 quarantine reports these other two are duplicates, so only need to be send once.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Auto Login Normal User By Mac Address

    When i create user for ex test i give it mac address of a computer when his computer turn on >> automatically login to fire wall by his mac to test account ... like cleintless by ip address but here by mac address and normal user

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. POP3/IMAP-Increase email scan limit

    Please increase POP3/IMAP email scan size limit from 10 MB to at least 50 MB as for SMTP. It is not acceptable to have security only until 10 MB. Denying is also no option, if you want to keep your business communication going.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add option to application rules for automatic email alerts.

    When configuring an application policy rule, I would like an option to have email alerts sent to the configured address if the programs in that rule are detected.
    Also, the option to configure the text of the alerts would be nice, with {user} for the Username of the application and {app} for the application in use.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  19. schedule time for the Business Rules Applications

    Set the schedule for the Business Rules Applications rules would be an important thing to enter.
    Thanks
    Carlo

    39 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. ssh port forwarding (ssh -D -L -R)

    like Sophos SG, is usefull that admin be able to use ssh port forwarding, but in sophos XG this feautirs is not implemented in ssh protocol

    see ssh command line options for more details:
    ssh -D
    ssh -L
    ssh -R

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.