XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Assigning static ip to SSL VPN users
It would be very convenient to assign static ip to users logging in through SSL VPN client. Currently this feature is available only to L2TP and PPP users.
368 votes -
Mobile network agent: Only attempt auth to known SSIDs
Tried network agent to authenticate users and it is a very nice feature.
Once installed, you connect with mobile to user portal, download certificate and import inside the APP.
However, I would suggest adding an option inside the APP that allows the APP to work only when the mobile is connected using a specific SSID Wi-Fi connection. At the moment, the only integrated options are:
- Save Password
- Auto Login
This ensures that users do not need to open the APP when they are back to work and save battery.
29 votes -
XG as NTP Server
NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
Can you add it into future release?
You can put it inside device access, denying WAN from using NTP server for security reason.
854 votes
This feature is under consideration for a future release, though a target version or timeframe is not yet set.
-
Force delete object
At the moment, if you try to remove an object used somewhere (Policy Rule for example) a message appears saying that "the object is already in use." So give us where the object is in use and allow Admins to delete it.
You can add an extra column with number of times the object has been used and give LINK where the object is used so we can go directly to the place and check if can delete it or not.
209 votes -
Allow Configuration of DHCP Options
UTM 9 had great DHCP options that you could assign globally or to an individual pool. For people with VoIP deployments this is Huge.
462 votes
Adding DHCP options to the GUI is under consideration for a future release.
-
WAF: more authentication type
At the moment there are different types of authentication missing even on UTM9 against ISA server 2006, such as:
- Two-factor authentication using forms-based authentication and a client certificate.
- Delegation of credentials by using NTLM or Kerberos authentication.
- Kerberos constrained delegation.
- Secure Sockets Layer (SSL) client certificate constraints
In this way, XG and UTM9 are the very alternative to ISA Server.
149 votes -
Integrate Alarm output into RMM tools
With the new XG firewall with the heartbeat function. Nearly all IT reseller/Partners use RMM tools, these alarms need to be integrated into these tools. (ConnectWise, Kaseya, etc).
Adding a connector into these tools will do the following:-
…Integrate automatic Ticket generation for alarms and alerts from the Sophos XG platform into the IT billing and Ticket system.
Stop IT companies having to go and manage multiple web pages and different sites to generate Tickets of work.
Be a powerful difference between Sophos and other Firewalls sold.
This should not be very hard to integrate into the Partner Web
11 votes -
534 votes
-
Bring RED Tunnels to UTM's and also to Sophos XG
I would love to be able to create RED tunnels to other Sophos Firewall XG devices as well as Sophos UTM's.
This was a big disappointment to myself who used RED tunnels between UTM's
30 votes
Started · Admin Jan Weber (Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Work on bringing back RED tunnels between two XG Firewalls has started and will be part of the next version of XG Firewall.
-
Improve Signature Policy GUI (IPS/AppCtrl)
At the moment it is a mess to select IPS Signatures and Applications in the GUI, which additionally doesn't fit in the browser window very well.
Did I mention the (small) scroll bar on the right?
Please adjust the IPS and AppCtrl GUI according to best practices.
16 votes -
Create and Manage Multiple ehlo
As an enterprise product, XG should be able to manage multiple ehlo to protect multiple email domains behind it. On UTM9 we have profile mode but multiple ehlo was missing too. Add some sort of profile (including ehlo) for multiple domains for one/multiple public IP, such as WAF does with virtual domain.
26 votes -
Improve the WAN Gateway monitor
Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
This can help much to prevent false positive gateway status.
The same feature could be added on VPN Failover system
Best regards,
Carlos Cesario
262 votes -
Mail notification to multiple recipients
Add support for the notification component to send email to multiple recipients.
Currently only 1 recipient is supported.
Best regards,
Carlos
287 votes -
Add support SNMP Community answer to any (0.0.0.0) IP Address
Currently it is necessary to create one Community for each specific IP address.
It is impossible to create two 'Public' communities, for example for two different IP addresses, or to create a single Community String for any (0.0.0.0) IP address.
Best regards,
Carlos
32 votes -
Rename objects
Add support to rename Policy rules name, IPSEC and SSL VPN tunnels name, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
This will improve the management; it must be default to all objects. Currently, to fix a simple typo error, we must create a new policy or category and populate all items again. A simple task can turn into a hard task.
Best regards,
Carlos
358 votes
This will be implemented in a future release. It is being included as part of a larger project, to generally improve configuration capabilities across the product. Version for release is not yet confirmed.
-
Add option to change Appliance SSH port access
Add support to change SSH port access.
Best regards,
Carlos
166 votes -
Add support to choose multiple Hosted Address when create a Business Application Policy
Add support to choose multiple Hosted Address when create a Business Application Policy.
Imagine a customer with 3 WAN links and 50 Business Application Policies rules. It is necessary to create 150 rules for this. This is a real case today.
Best regards,
Carlos
38 votes -
Add support SNMP via VPN without add static
Add support SNMP via VPN without add static routes. This could be as SSH via VPN, only choose a checkbox allowing or deny the service.
Today it is necessary to add a static route pointing to the tunnel name.
Best regards,
Carlos
11 votes
This should be addressed, as part of our improvements to VPN tunnel capabilities in v17.
-
Add support to USB NIC
At home USB NICs are ideal. Exactly the same problem we had in UTM9. Link below.
331 votes
This feature is under consideration for a future release, though a target version or timeframe is not yet set.
-
Enable/Disable Interface
At the moment, there is no way to disable/enable an interface inside SFOS.
Strange! Even using CLI menu.
567 votes
This is a high priority feature, and will likely be targeted as soon as possible after v17 ships, though it is not yet committed to a release.