SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Intelligent Notification for IPSEC Tunnel Up/Down

    Hello Sophos,

    For many of our customers, we had configured a number of IPSEC Tunnels and enabled the notification when a Tunnel goes Up/Down. Due to Dead Peer Detection (DPD) the tunnel going down due to inactivity and coming up again, Which sends a number of Up/Down notifications which are useless for us.

    1. Shouldn't Sophos be smart enough to recognize the status change is due to Dead Peer Detection and do not send a notification?

    Or

    2. An alternate solution to the problem is if you can introduce an alert which sends a notification only when a tunnel is…

    18 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    • Failed logins displayed WAN IP

      when failed logins UTM gives a log by WAN IP - suggest must have a way to find out or masked the WAN IP from the AD users when connecting. Thanks!

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
      • SSL VPN Software Deployment (XG)

        We need the ability to deploy the SSL VPN client is a centralized manner. Our remote users do not have local admin rights on their machines, so it would be great if a package could be deployed that would automate the install. I understand that each installation package has the users' certificate, but there still needs to be a solution to this. It was simple with the firewall product we moved from to remotely deploy the SSL VPN client software to the endpoints.

        5 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
        • Notification OTP session time out

          By default VPN session is droppedafter 8 hours when OTP token reaches end of validity. Causing loss of data for users. Suggest a 5-10min popup warning from the VPN session icon in the system tray so user can save data and close session and then open renewed OTP VPN session.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
          • Whitelist SSL VPN

            Currently there's no way to isolate specific SSL VPN users in Sophos. While a Firewall rule can be set to access the whole service there isn't a way to allow users A, B & C access from any network but limit user D to only a specific IP or range.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
            • openvpn 2.4

              my uses sometime connect but cant access network resources - they try again a couple of hours later and it works

              the net says there are issues with windows 10 and these are mostly fixed with openvpn version 2.4

              as version 2.4 has just come out it may be worth waiting until 2.4.5 for any bugs to be fixed but to schedule this into the UTM development pipeline

              5 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
              • Use of the per app VPN for SMC Central via UTM as a VPN Gateway

                Please can we look into the possibility of being able to have Central SMC and UTM - Using the Per App VPN Option and the UTM as a VPN Gateway

                2 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                • Add the feature of adding IP List on SSL VPN Allowed IPv4 network settings

                  Currently there is no option to add an IP list in allowed ipv4.Network resources. This feature was there in Cyberoam. Post migration to Sophos, it wasnt possible.
                  Request to add this feature, so that ACL will be more sophisticated at Firewall Level.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                  • Notifications for failed VPN login

                    It would be good if notifications could include failed VPN connection attempt.

                    3 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                    • Multiple AWS VPC site-to-site VPN connection

                      If you have multiple accounts to AWS. And you need to have site-to-site VPN to different AWS VPC, you can't dot it in UTM9. You are stuck with only one connection to one account VPC.

                      This is really drawback of UTM9. Have to find a solution, otherwise I will discontinue with UTM and go for another product which allows this.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                      • VPN: Local VPN ID choices with IPsec PSK

                        This has been marked as "completed" but to my understanding is only half complete.
                        Having multiple IPSec site-to-site tunnels autheticated by PSK, one still can't freely choose the ID for each tunnel.

                        Given I have multiple tunnels to customer networks (where I can't change the ID Type expected for my host)
                        some expect me to give the external IP as Peer ID others expect the hostname (which sometimes doesn't even match the real one)
                        Under current 9.4 I can only set my ID once for all tunnels but not individually per tunnel.
                        So any Connection should also allow to edit…

                        3 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                        • Route Based IPsec tunneling

                          To connect more than one location to a microsoft azure environment it is neccesary to build route based IPsec connections. In future Microsoft azure will be a important solution platform, so many customer will use this solution.

                          7 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                          • Deliver Complete Certificate Chain for User Portal

                            The user portal in the UTM is not able to deliver the complete certificate chain. It is missing intermediate certificate due to which our VPN Portal is categorized B on online SSL Testing websites.

                            6 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                            • rulechecks sslvpn clients

                              We would like restrictions to be checked on when sslvpn clients are connecting towards the network.

                              For example if someone is running a specific service, the network connection is allowed, and otherwise not. or for exampe, if there is no anti-virus running from a specific vendor.

                              9 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                              • Changing the Tunnel name of Amazon VPC site-to-site on UTM

                                Hello Team,

                                We have a request here from our customer to habe option to rename the Tunnel name of Amazon VPC site-to-site on UTM. Right now, all of Amazon VPC site-to-site VPN tunnel names are _vpc-0_ in their UTM configuration. There are requesting the option for have it to be rename for them to make it easily identifiable.

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                • Autocreate Users on VPN Authentication

                                  If a user is not a local user, and authenticates via radius to connect to the VPN, that user will not appear in the "Online Users" list that's presented when an Admin clicks the Remote Access item in the menu. Allowing VPN connection to autocreate a local user record, as logging in to the user portal or web admin does, would fix this. Thanks.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Set MTU for SSL VPN and enable "engine aesni" for OPENVPN

                                    For make ssl-vpn faster, I would like to set MTU for SSL VPN and enable "engine aesni" for OPENVPN on AWS Sophos UTM9.

                                    3 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add new feature to Sophos UTM VPN that extracts the last login date of users.

                                      We have been managing many users on the Sophos VPN. We face a challenge on day to day basis, and that is, we are not able to restrict the users' access who have left the organization or are not anymore, a part of the team and that is primarily because we are not able to track the last login date of users.

                                      If you add the new feature to UTM that would extract the last login date of the users, we plan to lock the user's access who have not logged in to the Sophos for a stipulated period of…

                                      3 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Update Web Browser for HTML5 VPN

                                        The HTML5 VPN web browser is Firefox 17.0.

                                        This browser is literally more than 4 years old, at the time of this suggestion. It has many known security vulnerabilities, and is not compatible with a great many newer sites. This absolutely needs to be updated, and kept up-to-date with firmware updates. Using a 4-year-old browser in current firmware is beyond unacceptable.

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                        • openvpn ssl vaidates against cn should validate against fingerprint

                                          openvpn ssl validates against cn should validate against fingerprint or the whole certificate - if i lost my laptop and password - delete user from utm and readd with the same cn - i can still remote in using ssl

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 11 12
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.