Sophos Ideas

Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Stuart Hatto, XG Product Manager

← Sophos Ideas

My feedback

  1. Do not auto-reboot RED in Standard/Split configuration

    34 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    3 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Stuart Hatto, XG Product Manager commented  · 

    Hi Angel, thank you for your suggestion. This capability is under consideration at this time. It is likely that as we move RED management into Central that the RED device will need a local configuration backup. This will eliminate the need for RED to contact the XG gateway for configuration.

    This is still a roadmap item and at this time no timeframe is committed.
    Thanks again for your suggestion,
    Stuart

  2. Geo Blocking

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Stuart Hatto, XG Product Manager commented  · 

    Kenya and Kyrgyzstan are both included in the GeoIP DB under Africa and Asia

  3. Add GCM Ciphers

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Stuart Hatto, XG Product Manager commented  · 

    GCM and Suite-B Cipher Suites are in our roadmap and under consideration for v18.5 but not yet committed.

  4. Want to block files & folders through SSL VPN

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Stuart Hatto, XG Product Manager commented  · 

    Can you expand on this please?

    If you are allowing access via SSLVPN and have set your firewall rules to allow access how do you envisage that the XG firewall would stop copy and paste of data? This is an issue better policed with an Acceptable Use Policy.

    You can block the copying of files and folders in a firewall policy associated to the SSLVPN users - block access to SMB, NFS etc. If you allow these protocols in your policy then the firewall cannot block these activities

  5. SMTP authenticated relay on Sophos XG

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Stuart Hatto, XG Product Manager commented  · 

    Mobile devices should use TCP 587 (submission) to send eMails, not SMTP, submission implies authentication. https://en.wikipedia.org/wiki/SMTP_Authentication#Role_in_the_mail_transport_system
    https://en.wikipedia.org/wiki/Message_submission_agent

    RFC6409 defines Message Submission and is the current Internet Standard – it is updated by RFC 8314 which mandates encryption for Submission. (currently a proposed standard)

    We added TCP587 to the SMTP(S) service object in v17.5 and so this can be used to direct traffic to the internal MTA via a firewall rule and DNAT.

    This would therefore be rejected as a feature request.

    XG does support authenticated relay for MTA to MTA of course.

    Stuart Hatto
    XG Product Manager

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.