SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Add the feature of adding IP List on SSL VPN Allowed IPv4 network settings

    Currently there is no option to add an IP list in allowed IPv4 network resources. This feature was there in Cyberoam. Post migration to Sophos, it wasn't possible.
    Request to add this feature, so that ACL will be more sophisticated at Firewall Level.

    3 votes
    0 comments  ·  VPN
  2. openvpn 2.4

    My users sometimes connect but can't access network resources - they try again a couple of hours later and it works.

    The net says there are issues with Windows 10 and these are mostly fixed with OpenVPN version 2.4.

    As version 2.4 has just come out it may be worth waiting until 2.4.5 for any bugs to be fixed, but to schedule this into the UTM development pipeline.

    8 votes
    1 comment  ·  VPN
  3. VPN: Local VPN ID choices with IPsec PSK

    This has been marked as "completed" but to my understanding is only half complete.
    Having multiple IPSec site-to-site tunnels authenticated by PSK, one still can't freely choose the ID for each tunnel.

    Given I have multiple tunnels to customer networks (where I can't change the ID Type expected for my host)
    some expect me to give the external IP as Peer ID others expect the hostname (which sometimes doesn't even match the real one)
    Under current 9.4 I can only set my ID once for all tunnels but not individually per tunnel.
    So any Connection should also allow to edit…

    4 votes
    1 comment  ·  VPN
  4. Changing the Tunnel name of Amazon VPC site-to-site on UTM

    Hello Team,

    We have a request here from our customer to have the option to rename the tunnel name of Amazon VPC site-to-site on UTM. Right now, all of the Amazon VPC site-to-site VPN tunnel names are vpc-0 in their UTM configuration. They are requesting the option to rename them to make them easily identifiable.

    4 votes
    1 comment  ·  VPN
  5. There should be a way to log out/ disconnect PPTP Users from Cyberoam device

    There should be a way to manually disconnect logged-in PPTP users from the Cyberoam device. This is giving us big issues as we have to reboot our Cyberoam device when multiple users.

    The scenario is that, when their system suddenly goes off due to a power outage, they find it so difficult to reconnect because we assigned a static IP to the users. The only way out is to reboot our device.

    1 vote
    0 comments  ·  VPN
  6. Set MTU for SSL VPN and enable "engine aesni" for OPENVPN

    To make SSL VPN faster, I would like to set the MTU for SSL VPN and enable "engine aesni" for OpenVPN on AWS Sophos UTM9.

    6 votes
    0 comments  ·  VPN
  7. rulechecks sslvpn clients

    We would like restrictions to be checked on when sslvpn clients are connecting towards the network.

    For example, if someone is running a specific service, the network connection is allowed, and otherwise not. Or, for example, if there is no anti-virus running from a specific vendor.

    9 votes
    0 comments  ·  VPN
  8. limit a SSL VPN profile to be able to login just from a specific IP address

    I need to limit an SSL VPN profile to be able to log in just from a specific IP address and another profile with no limit!

    I understand that I can simply open/close the User Portal and prevent access to the client/certificates, but this is not what I am looking for because it is not VPN profile aware!

    4 votes
    0 comments  ·  VPN
  9. Copy and Rename IPSEC Tunnels

    I would like to request to include the option to copy and rename IPSEC VPN Tunnels on the same device.

    3 votes
    0 comments  ·  VPN
  10. Geo Location based VPN access

    Allow the remote user to access SSL VPN based on their geo-location.

    For example, if we have two remote users say, user1 and user2.

    We want to allow user1 to be able to connect to VPN from the US only and in the same way, we want to allow user2 from India only.

    4 votes
    0 comments  ·  VPN
  11. The HTML5 VPN Portal should have a Wake On LAN feature when connecting to a PC over RDP

    The HTML5 VPN Portal should have a Wake On LAN feature when connecting to a PC over RDP. This would enable power savings to be turned on while providing users with the ability to remotely wake and connect to their PCs/Servers over the network (say for a standby environment).

    7 votes
    0 comments  ·  VPN
  12. HTML5 VPN Portal: Copy and Paste from Local Machine to Remote and from Remote to Remote

    Please add the feature for the copy and paste from local machine to HTML5 session. It would also be nice to allow copying from HTML5 session to another HTML5 session.

    16 votes
    0 comments  ·  VPN
  13. Full mesh VPN - something like Cisco DMVPN technology

    Full mesh VPN - something like Cisco DMVPN technology

    9 votes
    1 comment  ·  VPN
  14. SSL VPN reconfiguration

    SSL s2s VPN. Each branch is set up with its own server instance, and I faced strange behavior. After I reconfigure any server instance (for example, add a local network), EVERY SSL s2s VPN tunnel goes down and after some time reconnects again.

    A regular OpenVPN server can work without that issue! So I believe that Sophos can too.

    3 votes
    0 comments  ·  VPN
  15. prompt for credentials when using NLA with HTML5 VPN Portal

    Instead of having to enter static credentials in the Admin Portal for RDP connections with NLA, the user should be prompted for their credentials when using the connection. Having static credentials doesn't make sense when only admins can enter them (meaning the admin has to know everyone's credentials) and passwords are changed on a regular basis (meaning the admin has to update the password on every connection every x days).

    14 votes
    4 comments  ·  VPN
  16. Support packet fragmentation for packets arriving from internet that will be crossing an IPSec VPN tunnel

    Currently packets >1500 bytes from our ISP connected to a UTM (v 9.404-5) are accepted and fragmented for traffic destined to a LAN. However, packets > 1500 bytes from the internet that will cross an IPSec tunnel (also terminating on the UTM) to reach a remote network are rejected with the UTM sending an ICMP fragmentation needed.

    If the UTM will accept jumbo packets and fragment for the LAN, it should do the same for traffic to networks across a VPN tunnel.

    See case 6142979 for additional details.

    3 votes
    0 comments  ·  VPN
  17. IPSec Site to site policy IKEv2 SA Throughput

    To configure a stable site to site with Microsoft Azure on a UTM 210 with a policy based route you have to configure the Phase 2 security association (SA) Lifetime (Throughput) as well as the time, because without it the site to site will fall over as soon as you hit 1GB of throughput. The VPN will not connect until a system restart is performed.

    10 votes
    0 comments  ·  VPN
  18. implement two or more network ssl vpn

    having two or more SSL VPN IP networks with different ranges to better split the VPN

    1 vote
    1 comment  ·  VPN
  19. Allow changing of the DPD values on the UTM GUI

    Allow changing of the DPD values on the UTM GUI. Currently we can only switch the Dead Peer Detection on or off. We should be able to change the DPD action and delay & timeouts from the graphic interface.

    6 votes
    0 comments  ·  VPN
  20. Azure Validated VPN device

    Work with Microsoft to get listed as an Azure Site-to-Site Validated VPN Device.

    7 votes
    0 comments  ·  VPN