SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. IKEv2

    Would like to see support for IKEv2 in AWS appliance.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  2. ssl vpn

    Problem:
    There's currently an existing bug (confirmed through support up to firmware v9.602) that causes the SSL VPN daemon to disconnect any users associated with a VPN Profile that has a DNS Host object in its networks.

    The UTM will check for updates on DNS hosts periodically (every 2-3 minutes) and any associated VPN Profile will perform rolling restarts on it's users.

    This only causes a few seconds of delay for end users as the clients usually connect without issue but it can be very disruptive.

    Suggestion:
    Have VPN Profiles only reconnect/restart only if a dynamic object (DNS Host or…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. Remove the Limit of 50 Configs in OpenVPN GUI

    Currently there is a limit of 50 configs in OpenVPN GUI.
    There are already prereleases of the original OpenVPN GUI which remove those limit and add nested configurations.

    I would like to see that in Sophos UTM SSL VPN Client too.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support VPN Configuration from Microsoft Intune and Windows 10

    Microsoft have been working on their Intune Solution which includes a way to configure a VPN policy that is deployed. There are a number of "Connections" available from other vendors by Sophos are not present. It would be great if Sophos would create a "UWP VPN plug-in" which will allow us to be able to configure VPN's via this. If using Autopilot in the future too a VPN maybe required if not in the office and this same configuration is used.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. APIPA range over route based VPN.

    APIPA range over route based VPN

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. VPN connection log

    The default behaviour of the SSL VPN client is to truncate the log file on OpenVPN startup. Want to have the option to append in stead of truncate.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  7. Improve sorting on tables (Specifically Users table)

    Currently you can sort by name, status, or email. It's not intuitive that the ability to sort asc vs. desc is only available under the current sort method. If you're sorted by name it looks like the option to change direction is only available for name. It's not until you change to status or email that the drop down gives you the option to change the sort direction.

    What I would like to add is the ability to sort by authentication method (remote, local) and date of creation (or last changed date will work). We have hundreds of VPN users…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  8. IPSEC networks overlapping static routing entries

    Currently it's not possible to configure site-2site ipsec Connection with networks which are already configured in static Routing. It doesn't matter if the ipsec Networks are smaller than the static route Networks. The ipsec deamon results in an error message like: "cannot route -- route already in use for "

    It should be possible to setup a site-2-site tunnel with subnetwork ranges, which are already configured and covered by a static route.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  9. Hook to support DNS Server update for Linux VPN Clients

    An option to get a updated DNS Server for Linux VPN Clients. Currently the OpenVPN option only sets the DNS Server for Windows Clients.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  10. ssl vpn on XG

    possibility to add DNS to every different VPN Users group.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  11. Parallel use of old certificates after Signing CA regeneration

    My customers are using SSL-VPN.

    There are certain circumstances, and they need to regenerate the Signing CA.

    As you know, after regeneration VPN users must use new certificates.
    In other words, users will not be able to make remote access connections with old certificates.

    However, it takes time to distribute new certificates to users.
    Before a new certificate reaches the user, not being able to connect to the remote access will hinder their business.

    I request it.
    Please allow remote access connection from clients of old certificate and client of new certificate until user gets new certificate.
    Also, please be…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  12. Different WAN Port for different SSL VPN

    For example, for WAN 1, I will let sales group to VPN to access certain areas of the network, For WAN 2, I will only let those road warriors to access a more restricted area of the network instead of using 1 WAN link that gets filtered by the UTM level. My previous vendor, Watchguard, do have such function, except that Sophos has a higher throughput.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add Intelligent Notification for IPSEC Tunnel Up/Down

    Hello Sophos,

    For many of our customers, we had configured a number of IPSEC Tunnels and enabled the notification when a Tunnel goes Up/Down. Due to Dead Peer Detection (DPD) the tunnel going down due to inactivity and coming up again, Which sends a number of Up/Down notifications which are useless for us.


    1. Shouldn't Sophos be smart enough to recognize the status change is due to Dead Peer Detection and do not send a notification?

    Or


    1. An alternate solution to the problem is if you can introduce an alert which sends a notification only when a tunnel is down for…
    33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  14. HTML5 VPN Portal for iOS

    The HTML5 VPN Portal works for almost all platforms exept iOS. It would be great if you could add support for RDP/VNC connections on iOS devices.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  15. Http prxy graphical real time presentation

    One thing I would have liked in Sophos UTM is a status report for the http proxy, as I find it difficult to see what the http proxy computes when the proxy eats most of the CPU.

    I would love to see a webpage with graphical presentation of all proxy requests that take longer than X ms (adjustable). For each of these requests, I wish information about:

    • Who/source (hostname/IP address) that created the request
    • Destination URL/Destination (Protocol, Url/IP Address) to which the request refers
    • Current processing time, ie, how long has the proxy worked with the request …

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  16. SSL VPN Software Deployment (XG)

    We need the ability to deploy the SSL VPN client is a centralized manner. Our remote users do not have local admin rights on their machines, so it would be great if a package could be deployed that would automate the install. I understand that each installation package has the users' certificate, but there still needs to be a solution to this. It was simple with the firewall product we moved from to remotely deploy the SSL VPN client software to the endpoints.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  17. Deliver Complete Certificate Chain for User Portal

    The user portal in the UTM is not able to deliver the complete certificate chain. It is missing intermediate certificate due to which our VPN Portal is categorized B on online SSL Testing websites.

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  18. Whitelist SSL VPN

    Currently there's no way to isolate specific SSL VPN users in Sophos. While a Firewall rule can be set to access the whole service there isn't a way to allow users A, B & C access from any network but limit user D to only a specific IP or range.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  19. Route Based IPsec tunneling

    To connect more than one location to a microsoft azure environment it is neccesary to build route based IPsec connections. In future Microsoft azure will be a important solution platform, so many customer will use this solution.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  20. Notifications for failed VPN login

    It would be good if notifications could include failed VPN connection attempt.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.