SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Upload Throttling

    Upload Throttling like download throttling. Having to create a traffic selector and bandwidth pool just to limit upload is incredibly unwieldy and practically impossible to do on a per-user basis with any good amount of users. I spent an hour doing this just for 27 users.

    2 votes
    1 comment
    • Uplink Monitoring - bind a monitoring host to a monitoring action

      Scenario:

      Main office communicates to multiple (3) branch offices over a single MPLS link. While we can create a monitoring host for each of the branch offices, it is not possible to bind a monitoring host to a particular action.

      Presently when any of the monitoring hosts are detected to be offline, all Actions are performed. Greater granularity would allow the UTM to perform Action B only when Monitoring Host B is offline.

      9 votes
      0 comments  ·  Networking
      • Support for Multiple Domains for DKIM on SEA

        Feature Request - Support for multiple domains for DKIM on Email Appliances

        We have two email domains that send through our clustered email appliances and want to set up DKIM for both domains; however, currently the email appliances only support DKIM for a single domain.

        We would like the ability to enter more than one selector and private key within the DKIM settings.

        4 votes
        1 comment  ·  Mail Protection
        • Waf-fle support

          Waf Server security monitoring console we need the waf part of the waf can or improve the reporting part and the waf-fle console is a useful tool

          To be taken into account by you

          5 votes
          1 comment  ·  Web Server Protection
          • Add driver support for Intel X710 Virtual Function

            Add kernel support (i40evf) for newer Intel X710 Virtual Function. Actually, there is a driver for older X520 Intel Virtual Function (ixgbevf), but no module for newer cards... It allows the use of SR-IOV in a virtualized environment, which provides a huge performance boost on network adapters supporting it.

            Intel provides a configuration guide to use SR-IOV with X(L)710 cards:
            https://www.intel.com/content/www/us/en/embedded/products/networking/xl710-sr-iov-config-guide-gbe-linux-brief.html

            Thanks,
            Nicolas

            1 vote
            0 comments  ·  Appliance Hardware
            • GUI Switch to enable "AllowEncodedSlashes" and "nocanon" in WAF

              We are hosting a SAP Fiori webserver behind a UTM-220. To make this function, you have to edit the virtual host in reverseproxy.conf manually, because Fiori needs the Apache directive "AllowEncodedSlashes On" and the parameter "nocanon" at the ProxyPass directive (for example "balancer://8f757b42....20/" lbmethod=bybusyness nocanon).

              After manual edit of the conf file it works, but after every change in the GUI we lost these entries. Please make it possible to change these settings in the GUI. Thank you.

              2 votes
              0 comments  ·  Web Server Protection
              • No proper categorization of logs in WAF when configured in monitor mode

                When we configure WAF in monitor mode, we did not receive properly categorized logs in Alert, but when we configure it in REJECT MODE, it works fine.

                Requesting you to look into this, because before applying WAF we have to monitor traffic and patterns, and only then can we create the required rules in WAF.

                This part is missing here, which will misguide the user while configuring it.

                1 vote
                0 comments  ·  Web Server Protection
                • host blacklist

                  I want the ability to plain and simply paste in a bunch of IPs that are routed to localhost thereby blacklisting them. Or, even better, add a service that I can just turn on that points to a maintained list of such hosts... which can be found here: https://adaway.org/hosts.txt

                  This kind of request has been repeatedly asked for for a decade. Why is there no effort put into such a simple task?

                  1 vote
                  0 comments  ·  Network Protection
                  • Block Unauthorized devices

                    Block unauthorized devices from accessing UTM resources (VPN, interfaces, User Portal, etc). This should be done in a platform-agnostic way.

                    Allow any authorized & authenticated device (whether it be a mobile, Linux, Mac OS X, Windows, etc). Disallow (and/or control) unauthorized & unauthenticated devices.

                    1 vote
                    0 comments
                    • Application Specific Signature for Ring Central

                      There is no Application Specific Signature for Ring Central, which means we can't apply Application-based Traffic Shaping Policy for it.

                      Please add Ring Central as a defined Application.

                      See below:
                      https://community.ringcentral.com/ringcentral/topics/how-do-i-troubleshooting-call-quality-issues-qos
                      https://www.ringcentral.com/support/qos-router.html?_ga=1.41909153.2038724511.1480961611

                      4 votes
                      0 comments  ·  Application Control
                      • hostname

                        The UTM hostname needs to be an FQDN so that things such as the OpenVPN config file can resolve externally. But this external FQDN should not necessarily be used for internal operations. One can set DNS A records/CNAMEs in internal resolvers to anything, but virtually everything, such as notifications, references the FQDN and this can be confusing. It would be better to have a hostname (internal) and then multiple different external FQDNs, depending on the service in question.

                        1 vote
                        0 comments  ·  Networking
                        • Rewrite URL for URL Shortening services

                          Rewrite URL shortening service URLs to force redirect mode, which is visible to the user and to UTM, instead of allowing transparent proxy mode, which is invisible to both. Longer commentary at this community forum entry.
                          https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/89896/url-shortening-service----rewrite-to-force-redirect-mode---feature-request

                          5 votes
                          1 comment  ·  Web Protection
                          • Adding option for exception allowing unscannable mail

                            It would sometimes be very helpful to have the possibility to create an exception for allowing mail with unscannable attachments while having the global option "Quarantine unscannable and encrypted content" enabled.

                            5 votes
                            0 comments  ·  Mail Protection
                            • cPanel and WHM ports

                              Add cPanel and WHM ports to "Allowed Services" by default.
                              Ports 2082, 2083, 2086, 2087, 2095, 2096

                              1 vote
                              0 comments  ·  Web Protection
                              • Improve Application Control All-Over

                                I'd love it if the Sophos Application Control system, features, UI, etc. were similar to those of SonicWall's. If you take a look at a demo of their system, you'll see it's VERY feature-rich, with a very large array of different settings and such for applications. On top of that, they use an advanced method of identifying/classifying traffic using not only ports/protocols, but also application signatures and traffic patterns that applications use.

                                It would be great to see Sophos features improved overall to properly compete with other solutions out there.

                                2 votes
                                2 comments  ·  Application Control
                                • Add rules for TLS SMTP and update Email Messaging group

                                  Since many mail providers want TLS for SMTP, I suggest adding a TLS SMTP (Port 587) rule.
                                  The rule should also be added to the Email Messaging group, which is predefined!

                                  3 votes
                                  0 comments  ·  Network Protection
                                  • BGP Resets When Adding New Subnet

                                    BGP shouldn't reset when a new subnet is added. It is uncommon that you add a subnet to advertise in BGP and the whole BGP resets, causing disruption to all users.

                                    Also, BGP graceful restart should be added.

                                    1 vote
                                    0 comments  ·  Networking
                                    • Full URL Report by user or Source

                                      A report per user or source for the accessed URLs (full URL), not just the accessed sites.
                                      An example showing the reason behind this:
                                      Users can abuse the system, advising they are using YouTube for work-related research while they are actually streaming music videos or watching comedy stand-ups.
                                      And since they have access to YouTube, when we pull a report, it will show that the user has accessed the website but no details about the full URL that points to the specific video he was watching.
                                      If we go from the web protection report, the information is already there which…

                                      3 votes
                                      2 comments  ·  Web Protection
                                      • SPX and unscannable attachments

                                        If an outbound email is sent with SPX invoked (with outgoing messages being scanned), and it has an attachment which cannot be scanned (e.g. a password-protected Excel spreadsheet), and "Quarantine unscannable and encrypted content" is enabled, it will be quarantined, as you would expect.
                                        However, when the email is released from quarantine, it is not SPX-encrypted.
                                        Could this please be remedied in a future firmware release?

                                        1 vote
                                        0 comments
                                        • Whitelist SSL VPN

                                          Currently there's no way to isolate specific SSL VPN users in Sophos. While a Firewall rule can be set to access the whole service there isn't a way to allow users A, B & C access from any network but limit user D to only a specific IP or range.

                                          1 vote
                                          0 comments  ·  VPN