SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Better Website management in Webfilter

    Right now the Website list in Webfiltering has very limited management options. Importing or deleting longer lists is not possible because the page freezes. It would be great to have export and working bulk edit options.

    1 vote
    0 comments  ·  Web Protection
  2. Webfilter: Ignore extraneous root certificates

    Many sites include a root certificate in their downloaded chain. This is either a remnant of cross-root certificate mapping or a configuration error.

    All tested browsers ignore the self-signed certificate as long as the same root certificate is installed in the trusted certificate store.

    Unfortunately, OpenSSL, and therefore UTM, are not able to detect that the supplied root certificate is unnecessary, so the connection is blocked. Because of the significant number of sites with this configuration, it is a significant problem.

    This link has an extensive discussion of the problem:

    https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest

    The discussion asserts that the RFC permits inclusion of…

    1 vote
    2 comments  ·  Web Protection
  3. Notification of Proxy Routing

    There needs to be an alert or notification that when setting firewalls for Internet IPv4/6 as a destination that the subnet of the two networks that shouldn't talk to each other are added to their respective web proxy profile blocklist.

    I have encountered many people that are not aware that the web proxy routes. Many people do not test their security configurations and this functionality (proxy routing) goes some time without being realized.

    1 vote
    0 comments  ·  Web Protection
  4. Attachment, link, and file emulation

    Email is a huge vector for malware. Not all of it comes in as an attachment. Links in email often lead to NEW malware. NEW versions of malware are attached or embedded into Office documents. Files users download may have NEW undetected malware in them.

    Palo Alto has Wildfire. FireEye has a similar service/appliance. Each service takes URLs, Office documents and unknown files and detonates them in a sandbox to determine if they are malware. Previously unseen downloaded files are uploaded to the same service. When NEW malware or malware links are discovered, an update is pushed to all subscribing…

    15 votes
    2 comments  ·  Web Protection
  5. Web Protection: Selectively allow range requests (AKA improve iPhone media streaming)

    Mobile devices like the iPhone/iPad use HTTP range requests when accessing media content. Range requests allow a client to request a specific range of bytes from a file on the server, rather than downloading the whole file in one go.

    Unfortunately downloading a file in small chunks makes it impossible to scan that file for malware. Indeed, it could provide a handy way for a malicious program or actor to circumvent gateway security measures and deliberately download malicious code.

    For this reason the UTM will block range requests. The only way around this at present is to exclude the site…

    1 vote
    0 comments  ·  Web Protection
  6. Enable the admin to remove unused Website Tags in Web Filtering

    If one defines a website tag in the UTM for a collection of URLs, then later desires to fully delete the tag (the tags remain in the configuration db even if not assigned to any URLs), there is currently not a way to do this. I contacted support and they said this would be a feature request (seems like missing basic functionality to me).

    50 votes
    12 comments  ·  Web Protection
  7. YouTube for Google Apps support

    Google will no longer be supporting YouTube for Schools. They are now moving it to Google Apps for Education's YouTube settings. In this setup, redirection for www.youtube.com, m.youtube.com, and youtubei.googleapis.com needs to point to restrict.youtube.com (see https://support.google.com/youtube/answer/6214622).

    5 votes
    1 comment  ·  Web Protection
  8. Huawei P8 Lite Fitbit Flex Connection 2

    Huawei P8 Lite Fitbit Flex Connection 2
    Hello
    A friend recently gave me her old bracelet Fitbit Flex 2. It is reset but we are unable to connect it to Bluetooth with my Huawei P8 Lite while we get there with other devices... Have you ever encountered this problem? Solutions?
    Thank you, everyone.

    1 vote
    0 comments  ·  Web Protection
  9. Enforce youtube safe mode

    Please add safe mode for YouTube, like Google or Bing search.

    5 votes
    0 comments  ·  Web Protection
  10. Autonomous quota consumption (no user confirmation)

    The new quota feature works great, but there is a big problem using quota on mobile devices. Having a media streaming quota configured, you have to open a web browser and confirm the amount of time (quota) you want to use. That works fine on desktop, but on mobile iOS devices such requests in a browser get redirected to an installed app (YouTube) and you never have the chance to confirm the quota you want to use. As a consequence, the YouTube app does not have internet connectivity.

    5 votes
    0 comments  ·  Web Protection
  11. Web Protection: Youtube and blocking specific categories

    Coming from another vendor, one of the features I liked/had was that I could block categories within YouTube. We are a school district that needs to access YouTube (YouTube for Education has limited content). It would be nice to set up a policy or rule to be able to block these YouTube categories.

    Currently available categories are:
    • Film
    • Autos
    • Music
    • Animals
    • Sports
    • Shortmov
    • Travel
    • Games
    • Videoblog
    • People
    • Comedy
    • Entertainment
    • News
    • Howto
    • Education
    • Tech
    • Nonprofit
    • Movies
    • Moviesanimeanimation
    • Moviesactionadventure …

    163 votes
    6 comments  ·  Web Protection
  12. upload bandwidth report

    Customer would like a report of upload bandwidth used so that they would be able to identify any possible data leakage if they can identify users that have high upload bandwidth usage.

    8 votes
    1 comment  ·  Web Protection
  13. Time based rules for traffic throttling or shaping

    It would be very helpful to have time-based rules for traffic throttling or shaping. For example, users at our office access Facebook and we don't want to block it - just make it less of a burden on our Internet connection.

    4 votes
    0 comments  ·  Web Protection
  14. Disable option for users time to use for a site

    When you configure quota, the user gets a page for “Select how to your remaining time quota to use”. I am missing the option to disable this.

    I only want to get a message when the users use all of their quota.

    1 vote
    0 comments  ·  Web Protection
  15. tagged websites in exceptions

    In the webfilter exceptions you can configure websites "tagged as"; however, this doesn't work.

    4 votes
    0 comments  ·  Web Protection
  16. tag support parent proxy

    If there are already tagged websites, it would be nice to support these tagged sites also in the parent proxy.

    4 votes
    0 comments  ·  Web Protection
  17. Block via user agent

    Customer requesting to block traffic via user agent

    4 votes
    0 comments  ·  Web Protection
  18. when sending error messages to users who connect to a non-existing or forbidden HTTPS-site, send the full CA chain to the user/browser

    Reason: Google forces more and more websites to HTTPS by punishing HTTP-only sites with a bad search ranking. In such a case proxy SG only sends the auto generated certificate to the user, which results in an unclear and ugly certificate error message by the browser to the user. This can be prevented by creating a signing certificate in the internal PKI, where the proxy SG must send this signing certificate to the user. Creation of the signing certificate is out of your scope, but it will be an internal certificate, valid to the internal organization only. Sending this signing…

    3 votes
    0 comments  ·  Web Protection
  19. Proxy usage security problem + change the bad proxy design

    When using - Skip transparent mode destination hosts/nets
    with Allow HTTP/S traffic for listed hosts/nets checked, not only hosts which are in Allowed Networks can reach these destination hosts. So if you have a public WLAN which is not in the Allowed Networks Web Filtering, everyone in this network can reach the destination hosts.

    The automatic rule Allow HTTP/S traffic for listed hosts/nets should only allow the hosts in Allowed Networks to solve this security problem.

    If you don't want to change this behavior, please remove the Allow HTTP/S traffic for listed hosts/nets feature for security reasons.

    General…

    3 votes
    0 comments  ·  Web Protection
  20. Add a "bytes out" field in http.log.

    A "bytes out" field in the http.log would help identify hosts that are sending a lot of data out of our company. This is important to know, regardless of whether the data flow is intentional (e.g. malicious user) or unintentional (e.g. compromised host).

    2 votes
    0 comments  ·  Web Protection