Firewall Management in Central

Suggest, discuss, and vote on new ideas for Firewall Management in Sophos Central. Powerful enterprise and multi-customer management for Sophos XG Firewall.


Firewall Management in Central

Suggest, discuss, and vote on new ideas for Firewall Management in Sophos Central. Powerful enterprise and multi-customer management for Sophos XG Firewall.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Import firewall settings to create a group

    As a sophos customer, I would like to be able to export the configuration from a single firewall, and use that as the starting point for a new firewall group's configuration

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Sophos Connect VPN Client Independent Management Feature

    When users are disconnecting/connecting, XG fires email alerts and reports to Sophos Central that IPSec tunnel went down or IPSec Tunne Reconnected. This times all users operating with this client get over-reported (false positive). We use site to site VPN to other sites, so turning off these alerts is not an option. I would strongly suggest being able to manage the client's VPN alerts independently.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Integrate firewall licensing into Sophos Central

    I would like to have just one portal to manage my firewalls and their licenses. Integrating firewall licensing into Sophos Central, would also simplify account management, and license visibility among all of my administrators.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Manage individual firewall configuration directly in Central

    I would like to manage individual firewall configuration directly in Central, so I can fully configure a device before it has even been deployed, and so that group management can be improved with smarter dynamic objects, and to more easily share configuration already made on one firewall, with other firewalls, and more easily swap in an RMA replacement firewall.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. reordering, grouping and renaming of firewall rules

    since SFOS 17 we are able to
    - group firewall rules
    - move firewall rules aswell as groups to change their position (and therefore the processing order)
    - automatically assign firewall rules to the first matching group (if selected)

    in central firewall manager none of this is currently possible, i.e. groups are not supported and you cannot change the position of rules

    in addition you cannot rename a rule after it has been created

    all of this should be possible via central. In the current state rule handling is unusable for our customers.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Group Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Sophos XG Cluster

    it would be important so be able to identify (and modify) a XG-Cluster and its state in Central.
    Actually a cluster-member is marked as not available, which, in fact, is not quite the correct system state of a A-P-Cluster Member (for the backup-device)

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Customer dashboard features  ·  Flag idea as inappropriate…  ·  Admin →

    We are working on improvements to support of HA firewalls, and will release this in two stages. Stage one will be available in a amatter of days, allowing both members of an HA pair to be registered to Central, and placed in the same management group.

    Phase 2 will follow in a matter of months, and will make joining both devices to Central easier, and will show members of an HA pair as a single logical device in Central, reflecting the HA state, current primary device, etc..

  7. Visibly show when an XG backup circuit is in use in Central Admin

    When working with firewall management for Sophos XG firewalls within Sophos Central Admin there should be an alert or at least a dashboard visible icon showing that an XG is running on its backup link. This should be for cellular or any other link set to backup in the XG configuration.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Customer dashboard features  ·  Flag idea as inappropriate…  ·  Admin →
  8. Move and copy firewall groups

    I am in the process of setting up groups for my locations and just came to the realization that I should place another group in between my current top level and children. Unfortunately, this means that all of the configuration that I've already completed on the children will need to be redone on newly created groups. Thankfully, I'm early in the process, but this still represents several days of work to get them synced.

    I would like to see the ability to move groups within the hierarchy, or at least provide a way to export/import or copy group policies to…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Group Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Creation and editing of existing VPN configuration for Firewall Group

    Allow creation of new VPN configurations and editing of existing VPN's.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Group Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Be able to disconnect VPN users

    To have the ability in Remote Access management to disconnect vpn users that have gone idle.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Customer dashboard features  ·  Flag idea as inappropriate…  ·  Admin →
  11. Use AD users and groups from Central account in group firewall policies

    I want to be able to create user-based policies for my firewall groups, using the AD users and groups that Central already knows about.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Lock objects and policies on XG created by firewall management

    I would like to restrict changes to objects and policies created from a firewall group, to protect them from local conflicts or accidental overrides. Objects and polices should be view-able but not editable when logged into the firewall locally, and it should be possible to pin firewall and NAT rules to the top or bottom, to better preserve the rule order.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Configure and Manage VPN Communities

    With our previous firewall vendor, we were able to configure VPN communities and then push this configuration out to all of the involved devices. In doing so, we would only have to configure a few parameters, and all of the required VPN connections would automatically be built.

    In the previous case, this was controlled separate from the firewall policy. A similar method would be to have a special VPN group where you could note which devices should participate. Central would then determine all of the VPN connections that needed to be created and execute the changes necessary to bring them…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Group Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. VPN connections indicators

    When customer has a lot of users working remotely via VPN to the XG it'd be nice to have some report indicating for a chosen period of time, the time of 1st connection started, time of last connection ended and total amount of time conected. When remote access is the only way to work this can serve as a kind of audit of working time for some professional profiles. So far I guess reports include amount of times and number of times. Log can show active connections and starting time of the active connections. This is complementary info

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Customer dashboard features  ·  Flag idea as inappropriate…  ·  Admin →
  15. Improved Zero Touch deployment

    I would like to be able to deploy new firewalls using the Zero Touch deployment option, but not require a using USB stick, to apply the initial configuration.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Central Firewall Manager Alert Policy Editing

    Please allow other admins to edit the Alerts profiles in CFM. Currently, only the admin that created a Alert Profile can edit that profile.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Group Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Rename Objects and Description field

    It would be very helpful to be able to rename objects that have been created as changes are often required. I would also suggest the addition of a description field.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Group Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. VPN Orchestration

    I would like to automate creation of VPN tunnels between firewalls managed in my Sophos Central account.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Customer dashboard features  ·  Flag idea as inappropriate…  ·  Admin →
  19. Adding Firewalls to Sophos central using a Partner Super Admin Account

    It would be really great if adding firewalls to Sophos central is done in a different way instead of just using a local super admin account. We are an MSP with various customers that have Sophos central.

    Adding a local super admin account on each customer we have is not ideal. It means we need to have a separate active email account for each customer which is ridiculous, what if we have 100 customers, it defeats the purpose of ease of central management for MSPs.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Partner dashboard features  ·  Flag idea as inappropriate…  ·  Admin →
  20. MSP

    When you pull an MSP report from Sophos Central XG Firewall Dashboard for MSP XG License usage, It would be an idea that the report also pulls through the company name and company contact details on the report, instead of just the rest of the address and XG Serial number. Sophos support advised that Sophos does not currently support this feature.

    I think company name and company contact would be useful, so resellers easily know who your billing, instead of looking up the serial number every time to see who the XG firewall belongs to.

    This was suggested as a…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Customer dashboard features  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.