SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Quota Management

    must add in User identity after user finish Quota Automatic to change speed to low speed
    like i have Speed 2M and i have 10GB after finish 10 GB user lower speed liken 512k
    with new limit after finish it internet off

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    • Smartcard Support for SSL VPN

      I want to use the same pki based Smartcard for SSLVPN that i use for Windows and Safeguard Enterprise

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Real time bandwidth usage for firewall rules

        Add a method to check the real time bandwidth usage for firewall rules.

        So users can distinguish which rule uses the most bandwidth and set the proper QoS for it.

        5 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
        • Web Ser

          Currently, the only way to enable SSTP is to use a DNAT rule and forward the entire 443 (HTTPS) traffic to an internal VPN server. This effectively "blocks" the use of 443 for anything else - be it Web Admin, User Portal, any virtual web server.

          Forefront TMG makes it possible to forward SSTP VPN connections easily to a SSTP VPN server (it's a shame a built-in SSTP is not available in UTM, but that's a different request altogether), making it possible to use other services on the default HTTPS port.

          Since Sophos UTM is advertised as a Forefront replacement…

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Temporary whiltelist for web filtering with auto remove when site is re-categorised.

            When encountering a site that is incorrectly blocked by Web Filtering, place an entry in a temporary white-list (or just in the Allow These Websites list) to allow access. User then would submit a request back to Sophos to have the site looked at and re-classified.

            Once UTM detects the category change, send administrator an email and automatically remove it from the white-list.

            This helps reduce duplication where a site category may change but it is still white-listed.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • PCI Compliance UTM Requires SMBv1

              The UTM Requires SMBv1 which is not PCI compliant, we are required to pass PCI Compliance scans yearly and need to have the UTM updated to use a more secure PCI compliant protocol.

              2 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
              • to add the option connection Inactivity Timeout for a specific NAT rule

                to add the option "connection Inactivity Timeout" for a specific NAT rule either in GUI or terminal

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Enable users to reset their domain user password using Web Mail

                  There are many companies that force employees to reset domain user passwords very often. Now, when employees need to access mail using their Web Mail and their password has expired they will have to call IT to reset their password, but if working hours has finished and there is no IT personnel in the office, or maybe it's weekend, which is even worse, they will have to wait until next working day so that IT can help. In situation like this, enabling users to reset their domain account password using Web Mail Portal, like Microsoft TMG does, would help.

                  22 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Parent Proxy sequence option

                    Need sequence option for Parent Proxy (like a Firewall Rule - from first to last)
                    Example:
                    1. URL= www.test.org -> forwarding Parent Proxy ProxyA
                    2. URL= *.test.org -> forwarding Parent Proxy ProxyB
                    3. URL= *.*.org -> forwarding Parent Proxy ProxyC

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Iview 2 Radius RSA-secure-id

                      Iview 2 supports only radius chap authentication. We like to use RSA secure-id because we are using this also with our Sophos UTM 9.4x appliances.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                      • Sophos Central - increase days email is kept in quarantine

                        Please give us the ability to change the default 14 day quarantine retention to at least 30 days.

                        4 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Detect port scans using an XG and automatically block the source IP

                          The XG firewall should be able to detect port scans when they occur and then have the ability to block the source IP.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Shud be a Feature to block spam emails instead quarantine, if its with diff IP, Subject but if email body contains Repeated Words

                            There should be a Feature added to Block the emails with email body Containing some repeatedly words. As for example, on of our client receives email with different ip's, different subject but always the body contains the letters "Canadian-Pills" and he always asks us to block it. When contacted Support, they asked us to either block Domain, IP from where they are receiving.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • PureMessage UNIX: Quarantine notifcation with release link

                              Customer would like to be able to integrate a link for releasing a mail from quarantine with a template variable within notifications - similar to the release_href in the digest-spam.tmpl.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • allow to disable userportal when OTP is enabled

                                i want to turn the user portal off for security and to stop users downloading vpn software to any computer - but if OTP is enabled i get 'OTP users cannot access auto-created tokens in user portal' - so my work around it to turn off auto generate OTP then turn off the portal but this makes it hard to turn back on

                                i want to be able to turn the user portal off no matter what

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  1 comment  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                • UTM\SG Test for Document, PDF, EXCEL and exec file on Sophos Side

                                  It can be very convenient to have option Open\Review file on Sophos UTM /SG side before download to computer and review file.For example you received a file and customer not sure if there some mail-ware to another threads, he can actually review file directly in Sophos UTM\SG or file will be transferred to Sophos LAB and reviewed there by a same user.Just Emulation of OS where you able to review files
                                  Is not Sandstorm it actually emulation on files

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • create updated visio stencils for the XG platform for use with Visio 2013 and newer.

                                    create updated visio stencils for the XG platform for use with Visio 2013 and newer.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • VPN: Local VPN ID choices with IPsec PSK

                                      This has been marked as "completed" but to my understanding is only half complete.
                                      Having multiple IPSec site-to-site tunnels autheticated by PSK, one still can't freely choose the ID for each tunnel.

                                      Given I have multiple tunnels to customer networks (where I can't change the ID Type expected for my host)
                                      some expect me to give the external IP as Peer ID others expect the hostname (which sometimes doesn't even match the real one)
                                      Under current 9.4 I can only set my ID once for all tunnels but not individually per tunnel.
                                      So any Connection should also allow to edit…

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                      • allow local ssh to EMA

                                        allow local ssh to EMA

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • DHCP Duplicate IP Detection

                                          Have the UTM DHCP server ping the IP address before attempting to issue it like Windows DHCP Server, to avoid an IP conflict. e.g. static address within DHCP scope.

                                          Currently, if the UTM offers an IP address that already exists on the network the client sends a DHCP Decline, however the UTM will continue attempting to issue the same IP and the client will get stuck in this loop.

                                          25 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.