SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • SMTP look-ahead option to use VRFY

    For SMTP look-ahead recipient validation, add the ability to choose between RCPT TO: (actual method) or VRFY: method. Some mail servers (i.e. DOMINO) always return OK on a RCPT TO (the email validation being done at a later stage on the Domino server), but they comply with the VRFY command.

    2 votes
      0 comments  ·  Mail Protection
    • UserPortal: upload User Certificate

      In the UserPortal it should be possible for the user to activate his own e-mail address for mail encryption, with the possibility to upload their own certificate in PKCS12 format. Then there would be no need to tell the administrator the password for the certificate, and the administrator would have less to do. No need to collect and import all the certificates.

      1 vote
        0 comments  ·  Mail Protection
      • Allow logging of anti-spam feature results without blocking

        Currently, if I choose an anti-spam feature like 'Strict RDNS', I immediately block any sender that has not configured FCrDNS. I would like to be able to see 'RDNS invalid' in the log without that causing a block. Most spams probably would be blocked by something else, but it would be much easier to find false-positives and either inform the offending domain or make an exception for it.

        2 votes
          1 comment  ·  Mail Protection
        • WAF filter on Headers

          I use the Sophos UTM and WAF to enhance protections to our hosted websites. Occasionally I am receiving traffic from spiders that advertise themselves as Scrapy (scrapy.org) via the User Agent. I would like to add a check for the user_agent and blacklist user agents that are known to be "bad". I do know that it is trivial to change the user agent to something arbitrary, and the ability would still be useful.

          1 vote
            0 comments  ·  Web Server Protection
          • Logging: Anonymization of the original data

            The anonymization tool anonymized only the web reports, not the original data (Livelog etc.)

            1 vote
              0 comments  ·  Logging
            • iftop

              Need to have the iftop command to diagnose bandwidth usage.
              The current "live connection" view is too limited in sorting.

              3 votes
                0 comments  ·  Networking
              • SIP Invite NAT from Internal PBX/VoIP Gateway

                Provide SIP Invite NAT for internal PBX/VoIP Gateway. As stated by a Sophos engineer, this function is only available for internal VoIP phones registering externally to offsite PBX. Current feature does not work for internal VoIP gateways or PBXs.

                2 votes
                  0 comments  ·  Networking
                • SIP Invite NAT from Internal PBX/VoIP Gateway

                  Provide SIP Invite NAT for internal PBX/VoIP gateway. Currently, internal VoIP gateway SIP Invite headers do not get their IP address translated when going to the external interface to the SIP provider; they receive internal IP SIP Invite headers. According to a Sophos engineer, this function is only available for internal VoIP phones registering to an external SIP provider. SIP helpers or NAT do not change SIP Invite headers from internal IPs to the external IP address from a VoIP gateway or PBX.

                  2 votes
                    0 comments
                  • exe filter bypass

                    Have an issue: this link downloads an exe and bypasses my exe filter - http://www.tec-it.com/forward/vc2015x86redist-14.0.24215.1

                    This link (http://software.bigfix.com/download/bes/util/Sha1.exe?cm_mc_uid=03907949092314956501473&cm_mc_sid_50200000=1495650147) is blocked by my exe filter.

                    This is a very big bug - is the first link even virus scanned?

                    2 votes
                      0 comments  ·  Web Protection
                    • Use of the per app VPN for SMC Central via UTM as a VPN Gateway

                      Please can we look into the possibility of being able to have Central SMC and UTM - Using the Per App VPN Option and the UTM as a VPN Gateway

                      2 votes
                        0 comments  ·  VPN
                      • Web Application Firewall / Site Path Routing: Allow Path longer than 63 Characters

                        It should be made possible to use a path in Site Path Routing with more than 63 Characters. Especially for more complex CMS Servers, this limit is reached far too soon.

                        2 votes
                          0 comments  ·  Wireless Protection
                        • Support for Realtek RTL8811AU Wireless LAN USB Network Adapter

                          It would be amazing if Sophos added support for this WLAN USB NIC.

                          3 votes
                            0 comments  ·  Operating System
                          • Customising user messages from the UTM appliance

                            Currently there is a facility to customise error pages, including content blocking and warning, downloading, authentication and error messages. However, when accessing sites that have certificate problems (expired, incorrectly named, etc.) the error page is the basic out-of-the-box page. It would be nice to be able to customise this page as well.

                            In fact the UTM message pages are pretty good in themselves; it would just be nice to be able to change just the header and footer separately.

                            6 votes
                              0 comments
                            • Segregate 'IoT' devices from 'User' devices

                              'IoT' devices typically need far fewer protocols and often contact only a handful of services. They can (and should) be given much more restricted access to the public internet.

                              I would like to have 'groups' or 'types' of network devices (by MAC address), which can have different restrictions applied, as a group.

                              Ideally, add the ability to constrain the number of simultaneous connections and/or IP addresses for a given IoT device.

                              As a convenience, leverage the IEEE OID database to assign new devices automatically to the appropriate group, e.g. detecting a new device manufactured by Nest is automatically assigned to…

                              1 vote
                                0 comments  ·  Network Protection
                              • Allow multiple authentication methods for Web Protection (Non Windows/Mac OS X devices)

                                I would like a feature that allows devices to connect to the internet without an authentication method but also allows the user to log in through the browser at any point in the session to gain their filter group.

                                Ex. Allow the user to log into a Chromebook without authenticating to UTM and be awarded the default profile. At any time they are blocked by the strict default profile, it should allow the user to specify their username and gain their group's specific profile.

                                18 votes
                                  0 comments  ·  Web Protection
                                • filter smtp header

                                  Hello,

                                  We're looking for a solution to scan the e-mail header against a sender's name like john.doe@xyz.com. So we want to stop john.doe. This is most useful against phishing.

                                  Haydar

                                  1 vote
                                    0 comments  ·  Mail Protection
                                  • On premise Synchronized security heartbeat

                                    Extend Synchronized security to on-premise installation (Sophos Enterprise Console)

                                    3 votes
                                      1 comment  ·  UTM Endpoint Protection
                                    • Notify user when they have used all of their Network Traffic Quota

                                      Set up a report that can email a user when they have used a percentage of their network traffic quota. Example: "You have used 50% of your Monthly Data Allowance"

                                      2 votes
                                        1 comment  ·  Notifications
                                      • SNI Support for XG Firewall

                                        Server Name Indication (SNI) can be used to host multiple SSL sites on a single IP/Port. See http://en.wikipedia.org/wiki/Server_Name_Indication for details. It is already on UTM, but not XG. This will probably be needed if you ever decide to allow XG Firewall to request and manage Let's Encrypt certificates for multiple domains.

                                        7 votes
                                          0 comments  ·  Networking
                                        • Add the feature of adding IP List on SSL VPN Allowed IPv4 network settings

                                          Currently there is no option to add an IP list in allowed IPv4 network resources. This feature was there in Cyberoam. Post migration to Sophos, it wasn't possible.
                                          Request to add this feature, so that ACL will be more sophisticated at Firewall Level.

                                          1 vote
                                            0 comments  ·  VPN