SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Users status

    There should be one feature or option to set the users status change automatically based on given schedule.

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
    • Health / Usage

      We would like a way to view the current usage of a Red device, including CPU, bandwidth, and other usages.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
      • Failed logins displayed WAN IP

        when failed logins UTM gives a log by WAN IP - suggest must have a way to find out or masked the WAN IP from the AD users when connecting. Thanks!

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
        • Encoded content filter on headers

          Hi,

          we received a phishing attempt in which an internal and effective email address appear as sender. After some analysis we found in the message header that sender and subject were encoded on UTF-8 (Base64).

          Here the modified header as example:

          - - - - - - - - - - - - - - - - - - - - - - - - - -

          Received: from hide (hide) by hide
          (hide) with hide (TLS) id hide via hide
          Transport; Wed, 10 May 2017 23:45:21 +0200
          Received: from hide (hide) by hide
          (hide) with hide (TLS) id hide;…

          6 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • when sending error messages to users who connect to a non-existing or forbidden HTTPS-site, send the full CA chain to the user/browser

            Reason: Google forces more and more websites to HTTPS by punishing HTTP-only sites with a bad search ranking. In such a case proxy SG only sends the auto generated certificate to the user, which results in an unclear and ugly certificate error message by the browser to the user. This can be prevented by creating a signing certificate in the internal PKI, where the proxy SG must send this signing certificate to the user. Creation of the signing certificate is out of your scope, but it will be an internal certificate, valid to the internal organization only. Sending this signing…

            3 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Sophos UTM Manager

              Add website tagging in SUM Web Filter action policies;
              UTM web filter actions include web site tagging on the tab to Allow/Block individual URLs, however the SUM is missing the website tagging feature.
              Worse than this though, if a customer puts in tags on the UTM directly, and then uses the SUM to update the policy later, all the local tags are deleted by the SUM policy.
              Could you consider adding the Tagging feature to the SUM Web FIlter policies, or if this isn't possible, prevent the SUM from erasing the Tags when sending acentral SUM based web filter policy…

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • SSL VPN Software Deployment (XG)

                We need the ability to deploy the SSL VPN client is a centralized manner. Our remote users do not have local admin rights on their machines, so it would be great if a package could be deployed that would automate the install. I understand that each installation package has the users' certificate, but there still needs to be a solution to this. It was simple with the firewall product we moved from to remotely deploy the SSL VPN client software to the endpoints.

                5 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                • Mail Limit Relayusers to a specific ip/network

                  Improve the possibilty of the mail protection to define specific single/multiple IPs and/or networks which are allowed to use smtp auth. to send a mail from external through the UTM to other receiver (internal and external)

                  We have had an open bug report on Sophserv but the sophos contact advised us to open a feature request here.

                  Add. information: The blacklist/whitelist box is available at the moment. But if you assign "Any IPv4 Internet" Default rule to blacklist(as mentioned by sophos support - we speak of the SMTP Relay Tab) blocks all SMTP traffic not only the relay traffic.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • connected users wifi

                    We have a requirement to track the amount of devices connected to WiFi per month. We have been advised that this is not currently possible and I would need to log a feature request.

                    Please refer to case #7590409.

                    Ideally we would require the following:
                    -An automated report which can be sent out to specific users once per month/week
                    -Report must contain the number of connected devices within the particular time frame
                    -Report must contain how much data was used by each device during this time

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                    • Manage ourselves the Application Control list

                      Management of enforcement : To manage ourselves the application control list !

                      I read here a multitude of needs (Deskshare, iHeart, Moxtra, SOMA...)

                      For my exemple, I need to add Trend Micro for QoS management.

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                      • Additional user info for guest Hotspot access

                        In some places (like Brazil) the companies providing guest internet access must collect and store information about their users/visitors in order to allow them to get to the Internet.

                        UTM should provide a custom form to allow the company to request the required data (like ID, email, phone numbers etc) and store those information for a specified amount of time (like 6 months, 1, 2 years etc)

                        Also, they need to better correlate a web access to a hotspot visitor. Today it's only possible by searching different logs for IPs and voucher numbers. The voucher should be present in the…

                        15 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Fingerprinting Spam

                          A development of spam methode is Fingerprinting Spam. Would be nice to have this feature available on Sophos devices. I was advised to raise a feature request by Sophos.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • POP3 - Autoreply or Autoresponder when mail contain blocked extension

                            The UTM doesn't have an option to send automatically e-mails back to sender if there mails where blocked cause of extensions like .doc or .xls and so on in POP3 Proxy.

                            2 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • create updated visio stencils for the XG platform for use with Visio 2013 and newer.

                              create updated visio stencils for the XG platform for use with Visio 2013 and newer.

                              8 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • RED 50 Monitoring of WAN1 / WAN2 with snmp

                                I want to Monitor the two WAN-Interfaces of the RED50 with snmp.

                                Another Thing is: I want the second WAN Interface to be permanently on and refreshing the DHCP-Address, as it usual, not only if the Interface is in use..

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                • Log MAC addresses that connect through hotspot

                                  Log mac addresses that connect using the hotspot feature. Regulations in UK require us to be able to provide evidence whether a certain MAC address has connected to our guest wifi facility in the last 6 months

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Unified logging

                                    Compared to MS Threat Management Gateway 2010, analyzing log files on UTM is a chore. TMG had several advantages:

                                    1. Unified firewall, waf and proxy logs.
                                    2. Logs were store in a single file or an internal/external SQL database
                                    3. The interface for analyzing log data was capable of easily creating very complex queries with point and click.
                                    4. Logging was on by default.
                                    5. Data was broken into columns automatically, did not require parsing a very long text string.
                                    6. Easily exported to Excel for further analysis

                                    I would like to see some of this implemented in UTM. Viewing…

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                    • HTML5 VPN Portal - Smartcards

                                      It would be good if we could pass through Local Resources such as smartcards as we enforce smartcard login requirements. This is currently preventing us from using the Sophos VPN HTML5 solution

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow enabling of Encoded Slashes directly on UTM Interface

                                        The UTM should have a function in the Web Server Protection that allows the administrator to configure whether or not encoded slashes are allowed for the servers.

                                        This is especially important for specific SAP-relevant functions, such as Fiori systems.
                                        At the moment it's possible to manually configure this setting but it's reset everytime a change to a server is made.
                                        I believe that it would be best to either:
                                        - not overwrite the that point in the config, if enabled
                                        - or straight up allow this configuration in the panel.

                                        3 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Let's Encrypt Integration

                                          It would be very nice if Let's Encrypt CA start with public certificates (letsencrypt.org), that we can get certs throug the UTM Gui. So that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
                                          Best Regards

                                          1,254 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            221 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.