SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Web Protection Block Files Upload

    It would be nice to block file upload on cloud services or any other webiste, to prevent any kind of data leakage.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Websocket Support for Web Protection / Proxy

    this is self explaining and need no further details.

    24 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add AnyDesk to Application Control List

    Hi,

    AnyDesk (https://anydesk.com/) is a powerfull tool for remote control, so please add to the Application Control List.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Change httpproxy to 64-bit application.

    We can only use 4GB memory space with httpproxy.
    Therefore, it is not possible to sufficiently use the hardware resources with the SG 650 or the like high-end appliance.
    Please change httpproxy to 64-bit application.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Crypto currency Catagory for content filtering

    Hello Sophos,

    While managing UTM appliance we have observed lot of user started browsing sites related to “cryopto-curancy” and "mining of Cryto-currancy". These sites are hogging my bandwidth

    when I search these websites they fall under finance category which is making job difficult to block such website

    My request you to please create separate category for CRYPTO CURRENCY related sites so that we can use/enjoy appliance features optimally

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. editable, multi lanquege, custom block page

    Hi,
    Since a couple of months we working with you UTM product... and I love it.
    I have one missing point in the UTM.
    We are a dutch company with a lot of employees who have difficulty reading English reports or can not read them at all.
    It should help this users if the blockpage was displayed in there own lanquege.

    This can be achieved by providing blockpages multilingual (seems to me to be impossible for you), making them editable (everyone can store their own messages) or creating the option to make a link to a custom page for each…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. HTTPS Signing CA should be restricted

    The HTTPS Signing CA should be restricted to Enhanced Key Usage Server/Client Auth, Basic Path Length Constraint = 0 and no private key download should be allowed.

    The Certs signed by this default CA are (or should be) used only for Server/(Client) Auth?! Currently the CA has no restriction for Enhanced Key Usage and Basic Constraint path length. So a (compromised) CA could offer certs for any purpose and build unlimited SubCAs.
    [The Path len may not be so vulnerable, because keyCertSign isn't set]

    Also it shouldn't be allowed to download this CAs private Key. For what purpose (other than…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Treat UTM Proxies as Network Protocols

    When adding a new 'Service Definition', we need to be able to pick one of the proxy services as the 'Type of definition' so that we can enable tighter security on non-standard ports.

    An example of this would be to define a new service named "HTTP.8080" of type "HTTP" source port "1:65535" and destination port "8080" to allow 8080 traffic to still be scanned by the Web Security HTTP proxy.

    Another example of this would be to make a new service named "HTTPS.444" of type "HTTPS" source port "1:65535" and destination port "444" to allow 444 traffic to still be…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Make The Refer To Sandstorm Option in Web Filtering Exception To Be Edited Even if Without Sandstorm License

    Hello Team,

    Customer is requesting to Make The Refer To Sandstorm Option in Web Filtering Exception To Be Edited Even if Without Sandstorm License.

    The checkbox on the Web Exceptions form is disabled.

    The problem is that some of my exceptions have the check box checked and customer can’t uncheck them.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Web Proxy should honor Country Blocking Exceptions

    Currently (9.506-2 and prior), Web Proxy enforces country blocking but ignores country blocking exceptions. Support says this is not a bug, although it is hard to justify why making the product work as expected should be considered a "feature" request. Their workaround is to disable URL filtering for desired exceptions, but this also disables other policy checks that we want, such as blocking access to Social Networking Sites.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Fully support QUIC (HTTPS via UDP)

    Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
    I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously, additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.

    More about QUIC can be read here : https://www.chromium.org/quic

    With that said, I would like to see full support for QUIC natively in Sophos UTM…

    25 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. transparent proxy intercept all ports

    in transparent proxy mode, all access to websites on standard ports 80 and 443 are intercepted and will use the web filter. However websites which use a different port, for instance http://website.com:1234 are not intercepted, but this traffic will directly flow through the firewall module and therefore needed to define a packetfilter rule (missing virusscan etc).

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. grayware

    what is grayware verdict classifies files that behave similarly to malware, but are not malicious in nature or intent. A grayware verdict might be assigned to files that do not pose a direct security threat, but display otherwise obtrusive behavior (for example, installing unwanted software, changing various system settings, or reducing system performance). Examples of grayware software can typically include adware, spyware, and Browser Helper Objects (BHOs). The grayware verdict allows you to quickly distinguish malicious files on the network from grayware, and to prioritize accordingly.
    Antivirus signatures are not generated for grayware and security policies cannot be enforced based…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. allow web filtering exceptions to use the referrer field as well as the URL field

    This would enable (for instance) youtube videos to be accessible as long as they were referred from a trusted website.

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Rewrite URL for URL Shortening services

    Rewrite URL shortening service URLs to force redirect mode, which is visible to the user and to UTM, instead of allowing transparent proxy mode, which is invisible to both. Longer commentary at this community forum entry.
    https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/89896/url-shortening-service----rewrite-to-force-redirect-mode---feature-request

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. OneDrive for Business

    We need the possibility that the web proxy with active https scanning scans the Microsoft One Drive for Business and SharePoint data Synchronisation files

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. cPanel and WHM ports

    Add cPanel and WHM ports to "Allowed Services" by default.
    Ports 2082, 2083, 2086, 2087, 2095, 2096

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Custom block pages dependent on AD group membership

    When a website is blocked, display a custom webpage which is dependent on the AD user group membership of the user. This would allow, for instance, a member of an "Internet Banned" AD group to have a block page which tells them they are banned from accessing any website, instead of the current message which refers to the category of the website - eg when trying to get to google, blocked because Search Engines are banned.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. exe filter bypass

    have an issue this link downloads an exe and bypasses my exe filter - http://www.tec-it.com/forward/vc2015x86redist-14.0.24215.1

    this link (http://software.bigfix.com/download/bes/util/Sha1.exe?cmmcuid=03907949092314956501473&cmmcsid_50200000=1495650147) is blocked by my exe filter

    this is a very big bug - is the first link even virus scanned

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow multiple authentication methods for Web Protection (Non Windows/Mac OS X devices)

    I would like a feature that allows devices to connect to the internet without authentication method but also allow the user to log in through the browser at any point in the session to gain their filter group.

    Ex. Allow the user to log into a Chromebook without authenticating to UTM and be awarded the default profile. At any time they are blocked by the strict default profile it should allow the user to specify their username and gain their groups specific profile.

    20 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.