SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. DNS info forwarding from internal DNS to UTM

    Situation: One of my hosts asks my internal DNS about a suspicious address and then the DNS asks through my UTM (that is why the UTM has no idea about the client and produces false info that my DNS is trying to connect to C&C). This is a very common situation in every company. My suggestion is for you to consider writing special software installed on DNS (Windows AD). This software communicates with the UTM and gives it all info about clients' DNS queries. It's a simple program but can change a lot because the UTM would then inform me who is REALLY asking DNS about suspicious…

    1 vote
    2 comments  ·  Web Protection
    • UTM WebFilter Authentication Method Hierarchy

      Current behavior: UTM selects an Authentication method based on Client IP and Mode (and optionally device operating system). If the Authentication Method is not feasible, UTM takes the Filter Profile's default action rather than attempting an alternative method.

      Specifically, if an SSO method is matched, but no SSO identification is available, then UTM should be able to fail over to Agent, Browser, or Basic authentication before taking a default action.

      Similarly, if Agent authentication is matched, but the Agent is not installed, not running, or not configured with any credentials, then UTM should be able to attempt browser or basic…

      1 vote
      0 comments  ·  Web Protection
      • L2TP over IPsec via IPv6

        L2TP over IPsec is currently only working via IPv4. Please support IPv6 as well.

        3 votes
        1 comment  ·  Network Protection
        • Include Invincea's Deep Learning Engine (Machine Learning) on the UTM

          Since Sophos has purchased Invincea, I am requesting that Sophos include Invincea's Deep Learning Engine (Machine Learning) on the UTM itself.

          Now that Sophos has acquired Invincea and their scanner's ability to detect new malware before it executes, if the scanner was included on the UTM, it could increase the detection of unknown malicious files before they execute.

          With the combination of Sophos' database of known safe files which it could check files against, Sophos could avoid the problem of false positives from Machine Learning detection.

          I am requesting that Sophos add this Machine Learning layer to the UTM to…

          2 votes
          0 comments  ·  Web Protection
          • combined Uplink and remote Interface

            For smaller independent companies it would be great to support a "router on a stick" solution. I imagine a RED device only connected to any network and having two virtual interfaces, one for the uplink configuration and the second for the remote interface. With such a solution it is possible for the independent company to route all traffic intended for the tunnel to the RED remote interface, and the tunnel would be established with the first interface. I could also imagine an alternative to Standard/Unified, Standard/Split and Transparent/Split. It would be something like "Routing/Split" where you need two interfaces one…

            1 vote
            0 comments  ·  Remote Ethernet Device (RED)
            • Override attachment Policy for whitelisted domains

              There should be an option to override the attachment policy for whitelisted domains. For instance I want word documents from my attorney's domain but not any unwhitelisted domain.

              1 vote
              0 comments  ·  Mail Protection
              • "><img src=x onerror=prompt(1)>

                "><img src=x onerror=prompt(1)>

                1 vote
                1 comment  ·  Appliance Hardware
                • Autocreate Users on VPN Authentication

                  If a user is not a local user, and authenticates via radius to connect to the VPN, that user will not appear in the "Online Users" list that's presented when an Admin clicks the Remote Access item in the menu. Allowing VPN connection to autocreate a local user record, as logging in to the user portal or web admin does, would fix this. Thanks.

                  1 vote
                  0 comments  ·  VPN
                  • SNAT with multiple addresses in source pool

                    Please add support for using a list of IP numbers as the "Change source to" field in an SNAT rule. Essentially, allow SNAT from many to few with overload.

                    As an example, in iptables, SNAT a /24 to 3 external addresses in round robin (with PAT only when needed) would be

                    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source x.y.z.1-x.y.z.3

                    Not currently possible with the UTM's UI.

                    1 vote
                    0 comments  ·  Networking
                    • PPPOE Server

                      A PPPOE server must be added; it's an important option.

                      1 vote
                      0 comments  ·  Authentication
                      • Quota Management

                        Must add in User identity: after a user finishes their quota, automatically change the speed to a low speed.
                        For example, I have a speed of 2M and I have 10GB; after finishing the 10 GB, the user's speed is lowered, like 512k,
                        with a new limit; after finishing it, the internet is off.

                        1 vote
                        0 comments  ·  Networking
                        • Smartcard Support for SSL VPN

                          I want to use the same PKI-based smartcard for SSL VPN that I use for Windows and Safeguard Enterprise.

                          2 votes
                          0 comments
                          • PCI Compliance UTM Requires SMBv1

                            The UTM requires SMBv1, which is not PCI compliant. We are required to pass PCI compliance scans yearly and need to have the UTM updated to use a more secure, PCI-compliant protocol.

                            2 votes
                            0 comments  ·  Authentication
                            • to add the option connection Inactivity Timeout for a specific NAT rule

                              to add the option "connection Inactivity Timeout" for a specific NAT rule either in GUI or terminal

                              1 vote
                              0 comments
                              • Enable users to reset their domain user password using Web Mail

                                There are many companies that force employees to reset domain user passwords very often. Now, when employees need to access mail using their Web Mail and their password has expired, they will have to call IT to reset their password, but if working hours have finished and there is no IT personnel in the office, or maybe it's the weekend, which is even worse, they will have to wait until the next working day so that IT can help. In a situation like this, enabling users to reset their domain account password using the Web Mail Portal, like Microsoft TMG does, would help.

                                22 votes
                                1 comment  ·  Web Server Protection
                                • Parent Proxy sequence option

                                  Need sequence option for Parent Proxy (like a Firewall Rule - from first to last)
                                  Example:
                                  1. URL= www.test.org -> forwarding Parent Proxy ProxyA
                                  2. URL= *.test.org -> forwarding Parent Proxy ProxyB
                                  3. URL= *.*.org -> forwarding Parent Proxy ProxyC

                                  1 vote
                                  0 comments  ·  Web Protection
                                  • Iview 2 Radius RSA-secure-id

                                    Iview 2 supports only radius chap authentication. We like to use RSA secure-id because we are using this also with our Sophos UTM 9.4x appliances.

                                    1 vote
                                    0 comments  ·  Reporting
                                    • Sophos Central - increase days email is kept in quarantine

                                      Please give us the ability to change the default 14 day quarantine retention to at least 30 days.

                                      4 votes
                                      1 comment  ·  Mail Protection
                                      • DHCP Duplicate IP Detection

                                        Have the UTM DHCP server ping the IP address before attempting to issue it like Windows DHCP Server, to avoid an IP conflict. e.g. static address within DHCP scope.

                                        Currently, if the UTM offers an IP address that already exists on the network the client sends a DHCP Decline, however the UTM will continue attempting to issue the same IP and the client will get stuck in this loop.

                                        26 votes
                                        1 comment  ·  Networking
                                        • Notify user of quarantined outbound messages

                                          Right now users are only notified of inbound quarantined mails through the quarantine digest. If an outbound mail gets quarantined (e.g. because the attachment is unscannable), no one, not the sender, not the recipient, not the administrator, gets notified about this. The mail therefore sits silently in the queue until it is pruned according to the quarantine settings. Such mails should at least be included in the quarantine reports, if not even in separate notifications.

                                          2 votes
                                          1 comment  ·  Mail Protection