Firewall Management in Central

Suggest, discuss, and vote on new ideas for Firewall Management in Sophos Central. Powerful enterprise and multi-customer management for Sophos XG Firewall.


  1. Autoresolve Alerts

    There are many situations where central raises more than one alert to a specific topic. Examples:
    - Firmware upgrade (Connection lost, Gateway up, Firewall upgrade completed)
    - VPN/RED connection lost (Connection lost, Connection reestablished)

    I would like to change the behavior of how alerts work in central. From my perspective it would be better, if an alert is archived, when the initial incident is resolved. In an example for VPN/RED alerts this would mean: An alert is raised, if any RED disconnects from the XG (current behavior). When the RED is reconnected, central should close the initial alert with an…

    12 votes

    0 comments  ·  Customer dashboard features
  2. Allow remote restart of Firewall from Sophos Central

    It would be extremely helpful to have the ability to remotely restart a firewall via Sophos Central. For example we recently had an issue remotely managing a few firewalls, they would go into a redirect loop when attempting to manage via Sophos Central. A restart of the firewall resolved this, but there is no way to perform the restart without having local access if remote access is not working. The firewalls in question were reporting status to Sophos Central just fine, and could even initiate a firmware update - just could not perform remote management.

    2 votes

    1 comment
  3. Required VPN Bandwidth consumption Report

    We are using Sophos XG230 model firewall and XG110 firewall more than 10 numbers.

    We have required bandwidth consumption details for IPsec VPN.

    3 votes

    0 comments
  4. read only access

    I have a helpdesk / jr sysadmin that I want to have read only access to my firewalls, accessible from sophos central. I was actually told by Sales that this was possible, and it was one of the big reasons I started changing to Sophos from Sonicwall. Then I find out it isn't possible. In order for my user to connect to the firewall from sophos central at all, they have to be a full admin. My only option is to manually set him up a limited account on each and every firewall and have him log into them individually.…

    1 vote

    0 comments
  5. system ipsec_route

    In our configuration, we have to do a system ipsec_route add ... for each of our IPsec tunnels. This appears to be required, otherwise we cannot reach the IPsec endpoints over the SSL-VPN connections. Support has informed me that ipsec routes cannot be setup in the GUI. Would love to have this feature available to avoid having to use SSH on 20+ different tunnels and 30+ different networks.

    1 vote

    0 comments
  6. Control & Monitor Pattern Updates

    I am only able to run firmware updates on a managed XG. There is no option to install pattern updates (e.g. Access Points, REDs) on a specific date.

    For everything else that is auto-updated I would like to have an option to monitor failures and situations, where the device didn't find the latest patch. (I would like to have the logic inside of central. Central should compare the installed and available version of each pattern reported from a local device against the latest available version on the cloud.)

    4 votes

    1 comment  ·  Single device management
  7. Add user password complexity to SOPHOS Central

    V18 MR-4 XGs have now two password complexity options - admin and user, both separated. However, in Sophos Central, there is only an option to configure admin password complexity settings and nothing for user complexity settings.
    As a result, the only way to update user password complexity settings is by logging into each individual XG which is not always feasible, especially when you have sites with over 100 XGs deployed.
    Therefore, please add user password complexity also to SOPHOS Central.

    3 votes

    0 comments
  8. Try to contact the server SQL

    https://trac.edgewall.org/wiki/TracUsers
    You can find the programs and software they are using

    1 vote

    0 comments  ·  Group Management
  9. SSH From Central

    Enable the admin to access ssh from central gui via "terminal web page"

    1 vote

    0 comments
  10. AD based Admin-Group

    It would be great, if the firewall decides automatically based on a defined AD-Group, if the User is a Firewall-Admin. This would simplify the User/Admin-Management in centrally managed environments with multiple Administrators.

    1 vote

    0 comments  ·  Group Management
  11. Visibly show when an XG backup circuit is in use in Central Admin

    When working with firewall management for Sophos XG firewalls within Sophos Central Admin there should be an alert or at least a dashboard visible icon showing that an XG is running on its backup link. This should be for cellular or any other link set to backup in the XG configuration.

    8 votes

    0 comments  ·  Customer dashboard features
  12. Synchronize User Database inside a Group

    It would be a big profit, if we were able to synchronize the AD-Users over the central group to prevent the manual registration on every single firewall cluster. Especially if we need to add an administrator, it is currently needed to register the user on every device. Also changing passwords would be a burden with multiple firewalls. That must be centrally managed.

    1 vote

    0 comments  ·  Group Management
  13. Control & Monitor Pattern Updates

    I am only able to run firmware updates on a managed XG. There is no option to install pattern updates (e.g. Access Points, REDs) on a specific date.

    For everything else that is auto-updated I would like to have an option to monitor failures and situations, where the device didn't find the latest patch. (I would like to have the logic inside of central. Central should compare the installed and available version of each pattern reported from a local device against the latest available version on the cloud.)

    3 votes

    1 comment  ·  Single device management
  14. Enable hosts and services import from XG's, XML, and CSV

    Functionality in Central to import lists of everything found under the "hosts and services" area in XG's such as ip hosts, ip host groups, fqdn hosts, fqdn host groups, services, etc would enhance bulk management capabilities and reduce time required to deploy these. This should be possible to do from CSV + XML files and by querying managed XG's to directly import locally created hosts and services from those for deployment from Central to other XG's. Also see https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/33035827-import-fqdn-s-cidr-lists-from-csv-or-txt

    2 votes

    0 comments  ·  Group Management
  15. weak cipher

    As we checked through the SSL checker, we observed that a weak cipher is in use. We enabled only TLS 1.2 Strong cipher through SOPHOS XG firewall and SOPHOS TAC current disabling weak cipher option is not available in SOPHOS XG GUI/Backend.

    VAPT Team also highlighted that even by mistake, Encryption & Ciphers must not be selected in all VPNs (Site-Site, Dialup, SSLVPN). So it must be disabled by hardening at the OS level.

    1 vote

    0 comments  ·  Single device management
  16. The number of firewalls for a group should include the number of all firewalls of all its subgroups

    If you use groups, subgroups, and subgroups in those, the groups will only show the number of firewalls in that group. If you only have firewalls in subgroups of subgroups, the top group and subgroup will always show (0). The number should include all firewalls in subgroups of a group, and all the firewalls in their subgroup, so a group always shows the correct number of firewalls managed by that group, be it directly or per inheritance of policies.

    2 votes

    0 comments  ·  Group Management
  17. reordering, grouping and renaming of firewall rules

    since SFOS 17 we are able to
    - group firewall rules
    - move firewall rules as well as groups to change their position (and therefore the processing order)
    - automatically assign firewall rules to the first matching group (if selected)

    in central firewall manager none of this is currently possible, i.e. groups are not supported and you cannot change the position of rules

    in addition you cannot rename a rule after it has been created

    all of this should be possible via central. In the current state rule handling is unusable for our customers.

    12 votes

    0 comments  ·  Group Management
  18. Access to Log Files

    For advanced debugging I need access to an appliance's log files. Currently this is only available through the web console. It would be so perfect, if central would allow me to open a live trace and download option for the log files mentioned here: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/LogFileDetails.html

    I don't need the files to be stored in central reporting. That would be cool - but is not needed for the moment. But with an option to run monitoring/machine learning on every single device log file (via Central API) would be outstanding.

    3 votes

    0 comments  ·  Partner dashboard features
  19. Report to show software version

    We managed over 120 Sophos XG firewalls for over 100 different customers. It would be nice to have a reporting option to show what software version is running on each firewall. This would enable us to easily check which of the Sophos XG firewalls that we manage are on the latest version and which ones need upgraded.

    1 vote

    0 comments  ·  Partner dashboard features
  20. View Configuration of Offline Firewall

    It would be great to be able to view the configuration of an offline firewall, in the same way that SCFM and SFM provided. When a firewall is offline, it is incredibly helpful to be able to view its last-known config during the troubleshooting process.

    1 vote

    0 comments  ·  Single device management