SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. special character support for client certs

    when using user certs for client authentication the authentication fails when user name contains specials characters like german Umlaute. The client cert is generated automatically with email information from AD as the CN. In AD the CN may contain the special characters. the cert is then created with some (probably utf-8) replacement characters. In the end the Sophos connect client can't find the right client cert for authentication.

    would be great to support also other character-sets for certs

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  2. Update OpenVPN SSL VPN Encryption Algorithm's

    Add CGM options for SSL VPN encryption algorithm's.

    Currently UTM9 (SG) / XGv18 only supports CBC. Ideally we have options for AES128/192/256-CGM & CBC and remove older insecure algorithms such as BF-CBC & DES-EDE3-CBC.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. Stop SSL VPN from storing users' passwords in client PC's memory

    Currently the Sophos SSL VPN client logs this warning in its log when connecting: "WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this"

    This appears to be a security risk, since a malicious program could conceivably obtain the user's login credentials.

    I opened a ticket with Sophos support for this, but they confirmed there is no way to make the UTM add this option to the .ovpn files when it creates the client installer bundle for a user. The user CAN manually add it to their .ovpn file, but it's not feasible to…

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  4. Native Windows 10 SSLVPN UWP VPN plug-in

    Can we get a Windows 10 VPN plugin like the other vendors have done to allow SSLVPN over the standard Windows 10 VPN client.

    This would solve all the deployment problems with the legacy client, No more saving passwords in text files, no more TAP adapters, no more messing with shortcuts to make the process transparent.

    Here is an example of how easy deployment is with a plugin to the built in

    Add-AppxPackage -Path "C:\VPN.Appx"
    $xml = "<MobileConnect><Port>4433</Port></MobileConnect>"
    $sourceXml=New-Object System.Xml.XmlDocument
    $sourceXml.LoadXml($xml)
    Add-VpnConnection -Name "Work Network" -ServerAddress https://vpn.work.com:4433 -PluginApplicationID SonicWall.MobileConnect_cw5n1h2txyewy -CustomConfiguration $sourceXml -RememberCredential $true

    You can even configure the VPN connection…

    34 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. Must Use The VPN For Internet Security and Privacy

    Hi, Guy you all will be fine! I really know all are using the internet but you also know that thing internet is not safe at all without the VPN I have searching and a little bit of research about the VPN we must use the paid VPN instead of free it will secure your internet connection through their secure servers here an example of that https://fastestvpn.com/server-locations/usa-vpn. also help in streaming too Watching Netflix and Disney etc.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. Disconnect SSL VPN User Sessions

    If I have to disconnect SSL VPN User Sessions, it would be fine, when I have a button.

    22 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  7. More than one concurrent SSL VPN Client at same time

    Currently only one CLient SSL VPN connection is allowed at any one time to Sophos firewall (UTMs). Suggestion is for muitiple connections. Reason is we do off line backups to customer sites via VPN but currently can only do one at a time. We have several customers who require us to do these backups.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  8. Upgrade WebAdmin CA to create 2048bit keys in Certificates

    Sophos does currently not support the VPN Connection of iOS devices due to incpmliant key length in Certificates. Apple devices expect 2048 Bit. Please upgrade the WebAdmin CA.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  9. SSLVPN: Bad Compression header

    Hello,

    I'm using SSLVPN and am getting "Bad compression error" as mentioned in below post:
    https://community.sophos.com/products/xg-firewall/f/vpn/100669/ssl-vpn-bad-compression-stub-decompression-header-byte-102

    Downgrading OpenVPN client to version 2.3.10 solves this issue.

    As discussed with Sophos Escalations Team, raising a request here to upgrade OpenVPN server of Sophos to make it compatible with newer versions of OpenVPN client.

    Ubuntu 18.04 onwards ships with newer version of OpenVPN client and its older versions are no longer supported on Ubuntu 18.04 onwards. Hence, it would great if this can be done at the earliest.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  10. SSL Site-to-Site VPN uses the same IP pool as SSL-Remote-VPN

    SSL-Site-to-Site-VPN uses the same IP pool as SSL-Remote-VPN. This leads to problems if the UTM acts as an SSL-Site-to-Site-VPN-Master and at the same time as an SSL-Remote-VPN-Master.
    By using the same pool, packets from the respective VPN systems are routed incorrectly. For example, packets from the remote VPN can be routed to peers in the Site 2 site tunnel.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  11. mib

    hi all,

    I would like to monitor via snmp users vpn sessions, ie there bandwith and the user logged on at any given time on my utm 9 device.

    thanks,
    Rob

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  12. Upgrade OpenVPN to fix key lifetime OTP issue

    if you have one time password (OTP) turned on and you reach key lifetime which by default is 8 hours the VPN kicks you out because it tries to re-authenticate with the old OTP password - new versions of openvpn have fixed this - a work around is to adjust the key lifetime which decreases security

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  13. SSL VPN - create and use a certificate revocation list

    If a user is deleted from the UTM and the account was in use for SSL VPN, his user certificate should be set to a certification revocation list.
    The SSL VPN service should use this revocation list to avoid using old certificates from accounts that were created on the UTM with the same name. This is currently possible, 05/2020.
    The UTM does not maintain revocation lists for users and the SSL VPN service does not use this capability, although OpenVPN offers it.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  14. SSLVPN Load Balancing in Cyberoam CR35iNG

    Hello,

    I checked with Sophos technical support team and found that there is no option for Load Balancing / sharing for SSLVPN on Cyberoam CR35iNG.
    We are using 2 ISPs with 30 Mbps each. If there was a way to make some sort of division in VPN rules/setting so that half of our employees could user 1st ISP and other other half could use 2nd ISP. This would really impact bandwidth usage and decrease lags on SSLVPN. As of now due to COVID-19 situation all of our employees are working from home and our 2nd ISP is not getting used…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  15. Wireguard VPN support

    I'd be nice if you would include WireGuard in your suite of server-side VPN protocols in your UTM line.

    148 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  16. SSL VPN - Assign IP address via internal DHCP server

    When clients connect via the SSL Remote Access VPN, you should have the option to assign IP Addresses via an internal DHCP server and not only from the UTM Virtual IP Pool. This is currently available with PPTP and L2TP over IPsec but not with SSL VPN. Companies need to have more control over the IP addresses and leases assigned to clients that connect via the SSL VPN.

    62 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  17. restrict machine to log in on remote access vpn if it do not have any sophos agent installed on the machine

    Customer is requesting to have restriction for the machine to log in on remote access vpn if it do not have any sophos agent installed on it. For your assistance please

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  18. Request to add notification alert for Remote Access VPN

    Hi, Please include generate email notification alert for Remote Access VPN option in Sophos UTM 9. This help us to know who and where they connect.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  19. AWS Transit Gateway Support

    Currently, the Amazon VPC setup does not support the new Transit Gateway in AWS. When you attempt to import via config file or secret key it errors out with a Regex error.

    I went up the whole chain of premium support and the GES Engineer let me know it currently isn't supported.

    As Transit Gateway is the future of Inter VPC & S2S networking this would be nice to have supported.

    18 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  20. vpn

    Please block Star VPN. It is connecting on the user machines and they can browse freely.
    Thanks

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 14 15
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.