XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Add options for IPv6 DHCPv6-PD

    My ISP supports native IPv6; they support prefix delegation using DHCPv6-PD to assign a /56 subnet. They do not assign the WAN interface an IPv6 address (i.e. no IA-NA) and only provide a prefix delegation (IA-PD). Currently XG (and UTM9) doesn't work with my ISP to get a PD because there are no options to request IA-PD only. My ISP edge router will respond to a solicit message with an IA-NA and IA-PD request, but it would appear that the XG doesn't conform to RFC 7550 when it sends an IA-NA message and receives a "NoAddrsAvail" from my ISP edge router.

    223 votes
    33 comments  ·  Base System + General UI
  2. Enable selectable SSL certificate for SMTPS scanning

    Email Protection lacks the ability to select a specific host certificate for an exposed SMTP server. Right now only a CA certificate can be chosen and the host certificate is dynamically created. The SSL certificate in Email Protection could be assigned the same way the Web Certificate is in Web Protection.

    9 votes
    1 comment  ·  Email Protection
  3. Add ability to create MAC host groups.

    In the list of host objects, all have the option to create groups, except for MAC hosts. Please add the ability to also create groups for those objects.

    17 votes
    4 comments  ·  Base System + General UI
  4. SCP Access should be possible

    According to the following thread, SCP-Access to the Firewall should be possible. It would improve troubleshooting workflows a lot.

    https://community.sophos.com/products/xg-firewall/f/46/t/73960

    74 votes
    1 comment  ·  Base System + General UI
  5. Add Google's DynDNS Provider

    Please provide ability to use Google's Dynamic DNS service.

    40 votes
    2 comments  ·  Dynamic DNS Providers
  6. time of click protection

    For real protection from malicious emails, this is one of the best ways to protect an organization. This hasn't been in the Sophos email appliance or UTM, but I wonder if they will be adding it to XG. Without this, there is no easy way to compete with Fortinet/Proofpoint ... I won't even mention this is demanded by customers.

    10 votes
    2 comments  ·  Email Protection
  7. Button to renew DHCP on the WAN interface

    In the UTM WAN interface there is a button to renew DHCP. There is no such button in the XG WAN interface.

    19 votes
    0 comments  ·  Base System + General UI
  8. Allow Ping using Business Application Rule

    When creating an Alias (System > Network > Interfaces > Add Alias) and then creating a Business Application Policy for the external address

    - Business Application Policy does not have an option to forward pings through to the Internal Server

    Currently it is only possible if Forward All Ports is selected from the Business Application rule.

    12 votes
    1 comment  ·  Network Protection
  9. Email addresses should be case insensitive

    When viewing the various dashboards, email addresses should not be split into separate entries if someone used various case (all lower case, all upper case, some lower and some upper case).

    16 votes
    0 comments  ·  Email Protection
  10. Connection/Session/timeout limiting on Policy Rule

    We need to specify a different timeout or different concurrent sessions per Security Policy.

    10 votes
    1 comment  ·  Network Protection
  11. Objects/Rules/Service Bulk Insert

    It is currently not possible to do a bulk insert of objects, services and policies. This could be very useful when you migrate from other vendors or want to preconfigure a new device.

    16 votes
    1 comment  ·  Base System + General UI
  12. Clientless Users assign MAC Address(es)

    Have the option to assign a MAC address to a clientless user instead of an IP address; also have the option to assign multiple MAC addresses to a client for all their devices, i.e. phone, tablet, PC.

    45 votes
    7 comments  ·  Base System + General UI
  13. Add inheritance to App and Web filter policies.

    It is hard to develop several filter policies with little differences for several groups of users. It would be nice to have ability to inherit, for example, web categories from other web filter policies and for application filters as well.
    Or there could be the ability to duplicate policies as it has been mentioned before.
    Thank you.

    4 votes
    0 comments  ·  Base System + General UI
  14. Export Configuration in a readable format as UTM

    At the moment, exporting the full configuration is easy with the new option, but we need some way to export the full configuration, or part of it, where the config is fully readable, as is possible with UTM.
    This can be used for Passive Analysis too.

    49 votes
    11 comments  ·  Base System + General UI
  15. Username of Admin should be changeable

    Currently, the WebAdmin master user has the fixed name admin. It would be great if we had the possibility to change the username. This would be an improvement against brute-force attacks when the WebGUI is somehow published to the Internet.

    306 votes
    10 comments  ·  Base System + General UI

    This is being considered. The current intention is to add a superadmin role, making the default admin account just a member of that role.

    This will allow you to create new superadmin accounts, capable of logging into the shell, adding ssh keys, and any other features limited currently to the named admin account.

    Second, you will be able to disable or demote the named admin account.

  16. NTP - no need for rebooting the Firewall

    When making changes to the NTP Configuration, it should not be necessary to reboot the Firewall afterwards.

    103 votes
    0 comments  ·  Base System + General UI
  17. Improve Backup operation

    At the moment it is possible to configure only one method of backup (Local or Email or FTP). I would like to configure two ways, such as Local + Email, Local + FTP.
    Also, there is no way to only upload a configuration inside XG without restoring it (as is possible with UTM).
    Once the configuration has been uploaded, I would like to see what has changed from last configuration to current configuration. So the chance to generate a PDF report which lists all differences and details, such as:
    -User A has been added (details)
    -Policy ID has been changed (details)
    - New Traffic…

    8 votes
    1 comment  ·  Base System + General UI
  18. Sophos Cloud Deployment Behind an XG Firewall (Initial deployment)

    Security Heartbeat is indeed a great innovation. But an issue arises when it comes to deployment of Sophos Cloud in a corporate/enterprise network with 500-odd users. Right now, the installer, which is delivered over mail, is a quick installer, and some 150+ MB need to get downloaded from the internet each time a user clicks on the setup link, eating about 30 minutes for installation on a single client machine. So how much time does it take for a 500-user network, and how much load does it put on the network?
    So most IT administrators are reluctant to go for cloud deployment when it comes to head-office deployments.
    So this idea deals with an…

    20 votes
    3 comments  ·  Synchronized Security (Heartbeat)
  19. Handle exceptions more easily

    Today it is quite hard to create simple exceptions. For example: let's say we have a main user policy that uses a Web filtering policy, a QoS policy, a default routing policy and an App filtering policy.

    Now, let's say we have a user inside this policy that should get access to a specific web site that is currently blocked in the web filtering policy. Also, another user needs to get more/less bandwidth than everyone else. Also, a user has to get routed through a specific link and not follow the default route balance. Also, another user must have an application allowed.

    6 votes
    0 comments  ·  Base System + General UI
  20. Please add Custom Application Filters according to IPS Custom Signatures

    IPS provides the ability to define custom signatures
    Objects > Content > Custom IPS Patterns
    (http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FAppendixB.html)
    Please add this feature also to the Application List.

    Regards
    Sebastian

    10 votes
    0 comments  ·  Network Protection