Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.
Would like to allow/deny connections, using the packet filter, based on a wildcard subdomain (think *.example.com).
7 votes
This is self-explaining and needs no further details.
3 votes
Sophos will support multiple versions of the OS (e.g., v9.2x, v9.3x, v9.4x, and now, v9.5x), but Up2Date forces down all higher level updates from any given version and fills up the Root partition, resulting in an endless stream of nag warnings. The workarounds to avoid this problem are a nuisance and a danger if I miss a critical update. If I have valid reasons for staying on a given supported version, Sophos should allow me to do so hassle-free. The Root partition could easily be quadrupled or quintupled from its current size (6 GB is tiny in comparison to the overall drive size), or, even better, allow an "Ignore Major Version Updates" checkbox option on the U2Date page. Then, if I am on v9.3x, I get updates for only v9.3x, and if I want to upgrade to a higher version, I can just uncheck the box.
5 votes
When downloading a file from an Owncloud backend via the Sophos UTM WAF, no estimated time and no file size are displayed.
The content-length header is probably not passed through here.
Disabling WAF features or AV scanning does not change this.
The Sophos WAF should determine the file size and display the estimated download time when supported by the backend.
2 votes
The current 'Maximum Session Timeout' is only available to be applied globally - this should be allowed to be configured / applied for different authentication methods, or as part of a Group Configuration. This is to allow RADIUS users a different session to a Local User.
11 votes
Customer requesting to block traffic via user agent
4 votes
Can we switch off the SSL weakness for WAF? Please do a server test at www.ssllabs.com and type a URL from a site behind the WAF. You get this for all SSL versions:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 2048 bits FS WEAK 112
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK
8 votes
The CLI for SUM has a blank root password. If an administrator never goes to the CLI for SUM, he/she has no idea that this is a completely open system. This is incredibly unsafe and alarming for a company that sells security products. You should really hurry up and fix this as it is a vulnerability that is really embarrassing should someone publish it.
1 vote
I have had a request from a partner for us to add IE 9 Browser support for the Sophos XG WebAdmin if possible.
1 vote
During a day, in different UTMs, I have peaks of bandwidth usage that slow down all web traffic.
It is hard to find the PC that generated abnormal traffic, especially if it is HTTP traffic.
Is it possible to create an hourly filter in the bandwidth usage tab?
2 votes
Update URL sample can be found under https://wiki.securepoint.de/SPDyn/Hostverwenden#Verwendung_mit_Fremdhardware.
Site is German but the page itself should be self-explanatory.
It would, however, be the best option to provide a fully configurable custom dynamic DNS to the customers. It should be that hard to implement a custom URL using predefined variables.
Addition of DHCP option 60 & 61 to allow connection of UTM to Sky Fibre. Sky uses these options for router identification and the username / logon details for the broadband service.
2 votes
Enterprise override of users unchecking "Activate Security".
1 vote
Add support to monitor the DHCP leases via SNMP.
Maybe this is easily possible by adding something like this:
Please block Brave Browser. We have students that are using it to play games, get around policies, etc.
2 votes
To match the functionality of the Sophos E-Mail-Appliance more closely, it would be helpful if it was possible to match E-Mail Headers with the Custom Rules of the Data Protection Engine.
This would allow triggering SPX-Encryption by marking the E-Mail as confidential or trigger on words ONLY in the subject, not in the body.
Two examples that work on the Sophos E-Mail-Appliance but do not work on the Sophos UTM:
Sensitivity: company-confidential
1 vote
After spending a great deal of time trying to get this working in my current VLAN environment.
I eventually found an obscure line in the online help file that says: "Synchronize password with PSK of wireless networks (only with Hotspot type Password of the day): Select this option to synchronize the new generated/saved password with wireless PSK for separate zone networks."
This should be supported by the VLAN network in a corporate environment by default.
2 votes
At the moment, it is not possible to give an account read-only rights for the Mailmanager.
The possibility would be very helpful.
1 vote
If the UserAgent provided by the client is not a web browser, fall back to Basic Authentication, instead of presenting the Forms Authentication. This is a feature present in ISA 2006 and TMG 2010.
1 vote
With the 'Skip remote lookups for clients with bad reputation' option, Sophos will use cached information instead of online checks, which is fine, but we need to be able to configure how long Sophos keeps this cached information.
As the online database is updated all the time, there should be a configuration to clear up cached information, for example every 24 hours.
Currently, I was told by Sophos support that I have to disable this temporarily and re-enable it to clear out the previously cached information.
1 vote