Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Kimmo

My feedback

  1. 89 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    Kimmo supported this idea  · 
  2. 109 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  XG Firewall » Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Kimmo commented  · 

    Surprised this is missing!

    Kimmo supported this idea  · 
  3. 9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    Kimmo supported this idea  · 
  4. 148 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    Kimmo supported this idea  · 
  5. 50 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  XG Firewall » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Kimmo supported this idea  · 
  6. 172 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    Kimmo supported this idea  · 
  7. 44 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    Kimmo supported this idea  · 
  8. 43 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    Kimmo supported this idea  · 
    An error occurred while saving the comment
    Kimmo commented  · 

    Rather drop whole per user configuration mess and use shared certificate so that it can be deployed to multiple machines.

    As most are using some 2 face authentication this should not be security issue.

    As many have pointed out XG is not enterprise or even SMB ready with current SSL VPN solution.

  9. 24 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    Kimmo supported this idea  · 
    An error occurred while saving the comment
    Kimmo commented  · 

    To J Brunner:

    It it not very secure to basically have users with local admin rights to be able to install the VPN client + certificates. As it cannot be deployed globally with current configuration.

    There should be option to disable user certificates and use global one. Make a warning appear when this option is being chosen.
    When used together with OTP password I cannot see how this would be more insecure than giving users admin rights to computers.

    Why other manufacturers have this option for SSL VPN (Like FortiGate) if it considered insecure.

    XG is just not enterprise ready with this solution. Forcing to use IPsec VPN etc is not a solution as these ports are blocked for example from China. Only option is to use SSL VPN on port 443.

  10. 100 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    Kimmo supported this idea  · 
    An error occurred while saving the comment
    Kimmo commented  · 

    As posted on other suggestion. Reasoning for having client certificates is that shared certificate is consider insecure by OpenVPN. How on earth makes grating administrator access to local computers thins any more secure as that is what is needed with current SSL VPN implementation.

    No one runs around asking 100's of users to log in to user portal download client and then enter administrator credentials to install the software.

    XG is far from enterprise ready. I understand you can do it for 20 users or so with a 100eur firewall. But when you pay 30 000 eur for FW and licenses and still having to do this is a big joke.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.