SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Packet filter: allow wildcard subdomains

    Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.

    Would like to allow/deny connections, using the packet filter, based on a wildcard subdomain (think *.example.com).

    7 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Websocket Support for Web Protection / Proxy

      this is self explaining and need no further details.

      3 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Increase Size of Root Partition or Allow an "Ignore Major Version Updates" Option

        Sophos will support multiple versions of the OS (e.g, v9.2x, v9.3x, v9.4x, and now, v.9.5x), but Up2Date forces down all higher level updates from any given version and fills up the Root partition resulting in an endless stream of nag warnings. The workarounds to avoid this problem are a nusience an a danger if I miss a critical update. If I have valid reasons for staying on a given supported version, Sophos should allow me to do so hassle-free. The Root partition could easily be quadrupled or quintupled from it's current size (6 GB is tiny in comparison to the…

        5 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • webserver protection waf download size

          When downloading a file from a Owncloud backend via the Sophos UTM WAF, no estimated time and no file size are displayed.
          The content-length header is probably not passed through here.
          Disabling WAF features or AV scanning does not change this.

          The Sophos WAF should determine the file size and display the estimated download time when supported by the backend.

          2 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Allow Maxiumum Session Time per User/Group

            The current 'Maximum Session Timeout' is only available to be applied globally - this should be allowed to be configured / applied for different authentication methods, or as part of a Group Configuration. This is to allow RADIUS users a different session to a Local User.

            11 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
            • Block via user agent

              Customer requesting to block traffic via user agent

              4 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Can we switch of the ssl weakness for WAF. Please do a server test at www.ssllabs.com and type a url from a site behind the WAF.

                Can we switch of the ssl weakness for WAF. Please do a server test at www.ssllabs.com and type a url from a site behind the WAF. you get this for all ssl v ersions

                TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 112
                TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 2048 bits FS WEAK 112
                TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK

                8 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • SUM (Sophos UTM Manager) needs a default root password

                  The CLI for SUM has a blank root password. If an administrator never goes to the CLI for SUM, he/she has no idea that this is a completely open system. This is incredibly unsafe and alarming for a company that sells security products. You should really hurry up and fix this as it is a vulnerability that is really embarrasing should someone publish it.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                  • IE 9 Browser Support for XG WebAdmin

                    I have had a request from a partner for us to add IE 9 Browser support for the Sophos XG WebAdmin if possible

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                    • Bandwith usage - hourly

                      During a day in different UTM i have peak of bandwith usage that slowdown all web traffic.
                      Is hard to find the pc that generated abnormal traffic specially if is http traffic.
                      Is possible to create a hourly filter in bandwith usage Tab?

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add new DynDNS service: https://spdyn.de

                        Update URL sample can be found under https://wiki.securepoint.de/SPDyn/Hostverwenden#Verwendung_mit_Fremdhardware.

                        Site is German but the page itself should be self-explanatory.

                        It would however be the best option to provide a full configurable custom dynamic DNS to the customers. It should be that hard to implement a custom URL using predefined variables.

                        Thanks!

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                        • DHCP Option 60 & 61

                          Addition of DHCP option 60 & 61 to allow connection of UTM to Sky Fibre. Sky uses these options for router identification and the username / logon details for the broadband service.

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                          • reflexion

                            Enterprise override of users unchecking "Activate Security".

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • dhcp snmp

                              Add support to monitor the dhcp leases via snmp.

                              Maybe this is easily possible by adding something like this:
                              https://github.com/ohitz/dhcpd-snmp

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                              • Application Control: Block Brave Browser

                                Please block Brave Browser. We have students that are using it to play games, get around policies, etc..

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                • Enable Header Matching of Data Protection Custom Rules

                                  To match the functionality of the Sophos E-Mail-Appliance more closely, it would be helpful if it was possible to match E-Mail Headers with the Custom Rules of the Data Protection Engine.

                                  This would allow triggering SPX-Encryption by marking the E-Mail as confidential or trigger on words ONLY in the subject, not in the body.

                                  Two examples that work on the Sophos E-Mail-Appliance but do not work on the Sophos UTM:
                                  Subject: .*\[ENC\].*
                                  Sensitivity: company-confidential

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Support for Wireless Password Sync with Hotspot POD in VLAN environment

                                    After spending a great deal of time trying to get this working in my current VLAN environment.

                                    I eventually found an obscure line in the online help file that says: "Synchronize password with PSK of wireless networks (only with Hotspot type Password of the day): Select this option to synchronize the new generated/saved password with wireless PSK for separate zone networks."

                                    This should be supported by the VLAN network in a corporate environment by default.

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Readonly Account for Mailmanager

                                      At the Moment, it is not possible to give an account read only rights for the Mailmanager.

                                      The possibility would be very helpful.

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Forms Authentication fallback to Basic Authentication for non-browser applications

                                        If the UserAgent provided by the client is not a web browser, fall back to Basic Authentication, instead of presenting the Forms Authentication. This is a feature present in ISA 2006 and TMG 2010.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • 'Skip remote lookups for clients with bad reputation' - configurable cached clean up

                                          With 'Skip remote lookups for clients with bad reputation' option, Sophos will use cached information instead of online checks which is fine, but we need to be able to configure how long Sophos keep this cached information.

                                          As the online database updated all the time, there should be a configuration to clear up cached information, for example every 24 hours.

                                          Currently, I was told by Sophos support that I have disable this temporarily and re-enable it to clear out the previously cached information.

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.