SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Adding option for exception allowing unscannable mail

    It would sometimes very helpful to have the possibility to create an exception for allowing mail with not scannable attachments while having the global option quarantine unscannable and encrypted content enabled.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Historical SMIME Certificates

    If I change an existing Certificate to a new one we're loosing the ability to decode received mails for a longer time. Many Business Partners have the old one and are using this for encryption. The UTM is no longer able to decode until an Key exchange took place.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Adjustable response to SPF Records with ~all

    We get phishing mail with faked sender!
    Examples:

    mastercard.com text = "v=spf1 include:spf.protection.outlook.com
    include:deliverygateways.masercard.com include:external.mastercard.com include:ma.mastercard.com ~all"

    paypal.com text = "v=spf1 include:pp.spf.paypal.com include:3ph1.spf.paypal.com
    include 3ph2.spf.paypal.com include:3ph3.spf.paypal.com
    include:3ph4.spf.paypal.com nclude:c.spf.ebay.com ~all"

    The problem with this is ~all

    The UTM marks the mail somewhere in the header and forwards it.
    This is not good!

    It would be better if you could adjust the response to such a mail:

    reject this mail
    accept this mail
    treat this mail as SPAM (marked as SPAM)

    It could thus enable a lot more control over such mails!

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. MailSecurity: certificate download via LDAP/OCSP for S/MIME

    it should be possible to automatically download S/MIME certificates from LDAP and encrypt outgoing mails. Also it should be possible to enable OCSP for CRLs.
    Thanks.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Backup MX

    Enable SMTP (or SMTP Profile) to be used as backup MX. It just spools mails and sends it to external mailservers. Would be nice to have a per domain settings how long a mail should remain in spool until it gets sent back and what are the retry intervalls to send to a external host.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Mail Security: Customized Per User Mail Footers

    Support for defining templates to add a legal mail footer defined by a template with information from AD/ldap like Fullname, Telephone, Fax or internal management.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. time-of-click protection for email spear-phishing attack

    Many of today's threats, begin with a spear-phishing attack: a single,
    carefully crafted email that tricks a recipient into clicking a link to download malware or open a malicious attachments.

    Handling this type of emails like proofpoint would be really nice to have in UTM as email protection appliance. Handling is to actually replace links, attachements so everything runs sandboxed if suspicious.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Quarantine release HTTP Port

    Ability to change the Quarantine release HTTP port to a port below 1024.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Quarantine Report Plain Text

    Because the quarantine report of ASG / Mail Security version 8 uses PNG-files it looks bad in mail-clients that doesn't support PNG-files, e.g. Lotus Notes version 7. A option to send quaratine reports as plain text mails (not HTML) would solve that problem.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. MailSecurity: Require encryption/signature

    Using a special marker mail should be disallowed if encryption/signature are not possible.
    This should result in an NDR - "mail not send - encryption not possible"

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Mail Security: Adjustable Max Queue Time

    It would be nice if you through the web interface, can change how much time a mail should be stored in the firewall before it reaches the bounce.

    So we have a server that went down on 29/12 but first came up again on 4 / 1, there are now some lost mails, because Astaro V7, only save the mails in 48 hours, and I can not find a way to change this?

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Email Encryption: Email Aliases

    Add more than one email address as alias to internal user for S/MIME and OpenPGP.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Authentication: Email address to LDAP Query

    When using openldap (such as against lotus) add the ability to have astaro retrieve the mail address correctly, currently it is not retrieved.. More integration options with non-windows/exchange environments.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. SMTP - check sender mail domain

    When accepting mail messages, the sender mail addresses, the domain part, are not checked for existence. No queries are made as to whether the domain holds an MX record, for example. This should apply to both address fields, envelope and header.
    In this way, fake addresses of stations could be avoided.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. SPX Registration Password inklude in Backup

    The passwords of the registered recipients should be included in the backup. During a recovery, users must always re-register.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add X-Spam-Flag Header with spam action "warn"

    If the astaro antispam engine detects a message as possible spam it should add a header X-Spam-Flag: YES if the spam action is set on "warn".

    This is way better than rewriting only the subject.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. SPX encryption: configure the minum password length from now fixed 8 characters to other (higher) values for generated one-time passwords

    -->
    I wish a new additional password length field in the GUI in the first tab „SPX Configuration“ of SPX Encryption for passwords of the type "Generated one-time password for every email", where I can configure longer passwords, which means longer minimum password lengths. E.g. 16 characters.

    Background:

    The sophos utm then by default generates passwords with a length of 8 characters.

    Today, this insecure, when the attacker uses a brute force method with special GPU computers.
    It may be cracked within less than 1 day.

    The password length, that I can configure on the first tab „SPX Configuration“ of…

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Mail Protection: Expand SPX configuration options

    I'd like the new SPX encryption included with UTM 9.2 to include expanded configuration options such as:

    -Keyword (custom expression) filtering on body, subject and addresses as independent rules (not one custom expression for the entire message, IE using ENCRYPT in the subject gets picked up but I don't want the word ENCRYPT to be picked up in the body)

    -The ability to encrypt all emails sent outbound to a specific domain

    -The ability to bypass encryption filters for recipient domains where TLS exists

    -The always popular User Registration Portal to manage passwords, secure reply, add attachments, etc. I understand…

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Whitelist for PureMessage that over-rides all lists

    Feature Request Summary – To allow any white listed mail addresses to be outside and unaffected by the content violations.

    How will this new feature address your business requirements? – As above. We block the word facebook however this appears on most email signatures these days.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Mail Security: Email encryption - prevent void Certificates

    Currently if a user is enabled for mail encryption and there is an existing certificate it will be used - there's no check if it's still valid (date).

    PLEASE add a check that expired certificates are not longer used!

    regards

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.