Sophos Ideas

Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

TheMachineWhisperer

← Sophos Ideas

My feedback

  1. Azure Directory Service for Authentication

    79 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    13 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 

  2. Allow Central user portal login using AD credentials via XG Firewall

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    TheMachineWhisperer commented  · 

    Seconded.

    The current central XG management which automatically uses the local administrator account for XG is not conducive to auditing and segregation of duties.

    Changes made are only attributed to the admin account and not recorded in an audit log per-user in central.

    The remote management connectivity to XG should either require a separate login to the XG with per-user credentials for the specific user, or should pass through user details from central to the XG for auditing.

    At the moment there is no granularity in central management as there is with local webadmin on 4444 where admin roles can be created to delegate access levels per-user.

    In advanced use cases it is desirable to provide first line support with access to XG via central, but only with a helpdesk role or low level access to webadmin.

    TheMachineWhisperer supported this idea  · 

  3. Assigning Multiple Groups to a Single User

    87 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 

  4. Customization in User Portal

    452 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    25 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    TheMachineWhisperer commented  · 

    In UTM the ability to hide / disable portal categories is really useful for enterprise deployments. This absence of this feature in XG is really notable.

    TheMachineWhisperer supported this idea  · 

  5. Sophos Switches with Synchronized Security

    3 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  XG Firewall » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    TheMachineWhisperer commented  · 

    You make a good point about the value of detection and enforcement at switch level.

    I'm not sure Sophos getting into expanding their focus from the core endpoint / boundary enforcement into switching would be a good move though. I think Sophos' strength is that it has product focus, it hasn't gone down the route some vendors have e.g. the "Forti-everything" approach.

    Looking at methods of integrating Sophos protections from central endpoint / XG with existing best of breed switches might be a better approach. The APIs for XG and central could already be used with vendor agnostic switch management software suites to achieve this.

    API says endpoint health has gone red, API knows endpoint IP and MAC, switch management integration to API picks up the change, identifies access port by MAC, applies ACL to port to restrict traffic only to the XG, XG restricts communication only to Sophos to support EDR / endpoint recovery.

    Cisco are trying to do something similar as an eco-system with their ISE product.

  6. VPN access to Guest users

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    TheMachineWhisperer commented  · 

    Seconded, ability to create auto-expiring guest SSL VPN profiles with connection number and time restrictions for specific access requirements like temporary supplier remote support would be ideal.

    TheMachineWhisperer supported this idea  · 

  7. Weak hand shake - SSL VPN

    40 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 

  8. TLS 1.2 support for SSL VPN

    49 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  XG Firewall » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 

  9. Harden SSL VPN (OpenVPN) Configuration

    9 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 

  10. Update SSL VPN Client for Parity with Latest OpenVPN Features

    9 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer shared this idea  · 

  11. Allow custom OpenVPN parameters in SSLVPN configuration

    11 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 

  12. Expose more OpenVPN Configuration Options

    10 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 

  13. Update SSL VPN to newest OpenVPN version.

    38 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 
    An error occurred while saving the comment
    TheMachineWhisperer commented  · 

    +1 client version too please not just server for features available in the latest OpenVPN client like pull filter

  14. VPN site-to-site monitoring via SNMP

    8 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 
    An error occurred while saving the comment
    TheMachineWhisperer commented  · 

    +1 But also for SSL VPN connections

  15. Power supply: SNMP and Web UI monitoring

    19 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    3 comments  ·  XG Firewall » Hardware  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 

  16. enable button on vpn ssl (remote access)

    3 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 

  17. Support for HSM to Protect XG Appliance Private Keys

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer shared this idea  · 

  18. Use FQDN hosts and host groups in all policies and services

    12 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    3 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    TheMachineWhisperer commented  · 

    Agreed.

    Anywhere a host entry can be configured should permit all host/group types.

    For me specifically FQDN entries should be allowed in Device Access Local service ACL exception rules too.

    TheMachineWhisperer supported this idea  · 

  19. Allow monitor-only connection to Central Firewall Manager

    3 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  XG Firewall » Central Management  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer shared this idea  · 

  20. Allow Configuration of DHCP Options

    453 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    18 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    TheMachineWhisperer supported this idea  · 
    An error occurred while saving the comment
    TheMachineWhisperer commented  · 

    Also need this to encompass being able to push DHCP options via the SSL VPN which does not have a typical DHCP server scope as with normal subnets on physical interfaces.

← Previous 1

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.