XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. IPSec - automatic reconnect after editing

    Please start the IPSec-tunnel after editing it automatically.
    Thanks.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. TRAFFIC SHAPPING

    We need the traffic SYSTEM GRAPH based on RULE ID, because based on rule id (policy) we can easy to identify where the bandwidth consumes easily,
    because we purchased this firewall before two months. in old firewall we had that option, so please add this feature

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  3. Make menu options in the user portal group based.

    Make menu options in the user portal group based. The majority of our users only need the smtp option. Only the system administrators need acces to vpn or other options.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. 54 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support SNMPv3 on the XG

    Submitting on behalf of client:
    Currently the XG only supports v1 and v2 for SNMP client hoping we can support v3 as well as it is a requirement needed for his environment.

    61 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  6. HTML5 VPN

    Add HTML5 VPN like UTM9

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. DDNS & hostname override

    It would be great if DDNS could update on multiple ports. An example is if I have a primary WAN (Port2) with a failover to a secondary WAN (Port3), if the primary WAN fails, then the DDNS could register the secondary WAN. This would also help with the SSLVPN and the Hostname Override. Right now when the primary WAN fails, they lose SSLVPN access. I either have to change the Hostname Override IP and download the configuration or if I am using a hostname, I will have to change a DNS A Record.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  8. Transparent mode for layer 3 routing

    Say you have a Datacenter with a VPN router that you plug it into a interface, give it the private ip adress because the router is configured to forward all traffic to the xg, you set interface to be transparent to your gateway and select option layer 3 subnet so you don't have to do any policy routing. The xg will know to do it automatically...

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Hallo, bei einem Anwender hatten wir einen Fehler der unseren Support 155 beschäftigt hat.

    unter
    http://wiki.sepsoftware.com/wiki/index.php/Release_Notes_4.4.3#Known_issues_and_limitations
    Known issues and limitations

    Note
    Antivirus programs may disrupt network communication and cause SEP sesam processes, such as backup and replication, to fail. One program that is known to cause SEP sesam processes to terminate is Sophos Firewall with IPS (Intrusion Prevention System) enabled. Make sure that there are no antivirus, firewall, IDS or IPS programs preventing interaction with SEP sesam.

    Dito unter
    http://wiki.sepsoftware.com/wiki/index.php/Replication#Prerequisites

    Gruß

    Ewald Einwanger

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Admin login notification in email

    when some one login with admin account then only log is created. it should be some email alert mechanism. if someone try to guess admin password from LAN or WAN then real administration should get an alert that someone is trying to access applciance with IP address. Bcoz this is a firewall so all alerts should be there

    33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow changes to syslog format for easier reporting in 3rd party logging tools

    The "syslog" format is not very sysloggy.for example some fields are quoted, some are not, blank values are included but not quoted making it unnecessarily difficult to parse. permitted. Be nice to be able to specify custom formats to avoid messing about with, for example, logstash filters.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  12. http/2 support

    our customers are asking for the http/2 Support for there webservers, please add the http/2 Support to the WAF - Webserverprotection

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. it is strange that we can't monitor auxiliary appliance via SNMP.

    it is strange that we can't monitor auxiliary appliance via SNMP , when we are in HA mode Actif/actif , we can't monitor auxiliary appliance !!!

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow access to webadmin by an AD group

    It's not possible to choose single AD Group imported by authentication server to access to webadmin

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. DNS support for SRV Records

    Add support for SRV records in XG's DNS service according RFC 2782. This would enhance XG's ability to operate in Windows environments; i.e., support Active Directory.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Maintain firewall filtering

    If you filter firewall rules, then edit a rule, the filtering is lost and you have to re-apply the filter. This is a nightmare when you need to update 10 different firewall rules. Filtering should be maintained until it is cleared.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Google Apps based User Authentication via SAML

    Hello, we currently use Google Apps for user management. For many apps, we use SAML to talk to Google Apps for user authentication.

    In small environments where Active Directory is not in place, it would be great to have SAML/SSO via Google.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Load Backup instead Basic Setup

    Could be a good option if when perform the initial wizard setup, instead need to config Basic Settings you can load a previously taken Backup. This could be useful when you have just flashed the device.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Consolidate Setup Wizards in single menu

    As it stands there are two Setup Wizards in XG that I've used. One is the initial setup under Admin (top right corner) > Wizard and the other is for VPN under VPN > IPSec > Wizard.

    If possible it would be good to have these consolidated into a single Setup Wizard menu located under the Admin dropdown in the right corner. This way as more setup wizards are added like for Firewall rules, SSLVPN, or other task they can all be accessed via one central location.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. vpn

    When an XG firewall is connected to another firewall via VPN, the XG firewall cannot route traffic to the remote protected network by default. Instead, you have to set up a special route and SNAT using the console in order for it to work and you are apparently required to specify hosts rather than whole networks when setting up the route (see https://community.sophos.com/kb/en-us/123334).

    The UTM9 firewall can route traffic through the VPN tunnel by default. I can't believe this problem is a "feature" in XG. Adding extra steps to make something work less well than something that just automatically…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.