Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

AdminStuart Hatto, XG Product Manager (Admin, Sophos Features & Ideas Laboratory)

My feedback

  1. 4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment

    Oliver, this is on our backlog but no commit date as yet

    Stuart

  2. 972 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  105 comments  ·  XG Firewall » Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment

    Let's Encrypt support is in our current (2021) backlog, and we are currently planning the supporting version. No committed delivery at this time. We do understand the usefulness of the feature.

    Stuart

  3. 41 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment

    Wanted to respond that the RN (https://docs.sophos.com/nsg/sophos-firewall/18.0/releasenotes/en-us/nsg/sfos/releaseNotes/MR3.html) documents this well. Also the CLI guide has been updated.

  4. 20 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  XG Firewall » Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment

    Hi, the RFCs do allow for the sending of a reject message, but only before the connection is dropped. So after the DATA transfer is ended, we could scan the content, determine it was spam and send a 550 (reject for policy reasons) to the sender, then close the connection. I see a couple of issues I need to think through. Firstly, scanning of an attachment, especially using Sandstorm could take a considerable period of time - I have a concern on resource exhaustion. Second, if the mail is delivered via an intermediate relay it will be the relay that gets the reject, not the originating sender.

    I have asked our XG MTA engineering team to have a look at this for possible inclusion. The usual caveats apply, this is not a commitment, and I have no timescales.

    Stuart

  5. 34 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment

    Hi Angel, thank you for your suggestion. This capability is under consideration at this time. It is likely that as we move RED management into Central that the RED device will need a local configuration backup. This will eliminate the need for RED to contact the XG gateway for configuration.

    This is still a roadmap item and at this time no timeframe is committed.
    Thanks again for your suggestion,
    Stuart

  6. 4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment

    Kenya and Kyrgyzstan are both included in the GeoIP DB under Africa and Asia

  7. 7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment

    GCM and Suite-B Cipher Suites are in our roadmap and under consideration for v18.5 but not yet committed.

  8. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment

    Can you expand on this please?

    If you are allowing access via SSLVPN and have set your firewall rules to allow access how do you envisage that the XG firewall would stop copy and paste of data? This is an issue better policed with an Acceptable Use Policy.

    You can block the copying of files and folders in a firewall policy associated to the SSLVPN users - block access to SMB, NFS etc. If you allow these protocols in your policy then the firewall cannot block these activities

  9. 13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  XG Firewall » Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment

    Mobile devices should use TCP 587 (submission) to send eMails, not SMTP, submission implies authentication. https://en.wikipedia.org/wiki/SMTP_Authentication#Role_in_the_mail_transport_system
    https://en.wikipedia.org/wiki/Message_submission_agent

    RFC6409 defines Message Submission and is the current Internet Standard – it is updated by RFC 8314 which mandates encryption for Submission. (currently a proposed standard)

    We added TCP587 to the SMTP(S) service object in v17.5 and so this can be used to direct traffic to the internal MTA via a firewall rule and DNAT.

    This would therefore be rejected as a feature request.

    XG does support authenticated relay for MTA to MTA of course.

    Stuart Hatto
    XG Product Manager

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.