SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Standalone OTP

    Add OTP (2-factor authentication) as a stand-alone feature, to be used with specific NAT rules, or access rules.

    1 vote

    0 comments  ·  Network Protection
  2. IP Ban/Black list (quickly accessible - dynamic)

    Very, very often there are random attacks (SMTP/WEB/SSH etc.) occurring from certain hosts/bots - often a small pool of random addresses.

    It would be EXTREMELY handy if we could have a Quick-Access-Dynamic-Absolute-IP-Blacklist.
    What would be even better is if we could create and maintain such lists on a per-interface basis (one for WAN, one for Internal1, one for Internal2 etc.).

    No host definitions, no firewall rules, no network definitions, no timeouts, no application filter, nothing.

    Just a plain simple, clean, one-click away, absolute IP ban/blacklist.

    25 votes

    1 comment  ·  Network Protection
  3. Firewall Automatic UPnP Option

    I saw an older post about having the option to enable UPnP on the firewall. I understand that it is inherently less secure, so it should be disabled by default. It would be nice to enable it on even a per-IP or MAC basis. With all the other features of the firewall that can detect botnet traffic, it shouldn't be that big of a downgrade in security. I've tried Sophos UTM Home for personal use and punching holes in the firewall for every single device was hard enough let alone how it would be for a larger network makes it hard…

    6 votes

    0 comments  ·  Network Protection
  4. Add rules for TLS SMTP and update Email Messaging group

    Since many mail providers want TLS for SMTP, I suggest adding a TLS SMTP (Port 587) rule.
    The rule should also be added to the Email Messaging group which is predefined!

    5 votes

    0 comments  ·  Network Protection
  5. Domain Network Definition

    It would be very beneficial to be able to create a domain network definition to build firewall rules off of. For example, I might only want hosts which reverse to the domain of .att.net to be able to connect to a particular firewall rule. Or perhaps hosts with a .edu extension to be able to use a firewall rule. There are many uses for this (including SMTP).

    2 votes

    0 comments  ·  Network Protection
  6. Automatically and dynamically block incoming TOR clients, meaning all traffic from TOR to my webmail should be blocked

    Hello,

    It would be really fine if we could block all incoming TOR and anonymous VPN clients. This should be possible for all incoming connections.

    A list of exit nodes is here:
    https://check.torproject.org/exit-addresses

    This list should be "imported" automatically on a schedule.
    For now, there is an option "block clients with bad reputation" for webserver protection, but this is not working (using latest firmware).
    Firmware version: 9.209-8
    Pattern version: 69668

    That's it.

    6 votes

    0 comments  ·  Network Protection
  7. Back up databases/reports/data on the Sophos UTM in addition to the system configuration.

    Back up databases/reports/data on the Sophos UTM in addition to the system configuration.

    16 votes

    0 comments  ·  Network Protection
  8. Firewall Order of Operations

    Firewall Order of Operations

    Based on testing and additional information found in other requests, it appears that the proxies/security services have a higher order of operation over the firewall. As such, even with firewall rules in place, the security services override those settings. With email protection, this essentially opens up SMTP on the Sophos UTM to anyone on ALL interfaces. This, thus, increases the surface attack area of the device to an unacceptable level.

    Changing the order of operation would allow the administrator of the device to dictate, via firewall rules, what can and can not access the Sophos UTM…

    23 votes

    4 comments  ·  Network Protection
  9. STIX Importing

    Have the ability to import STIX entries (Structured Threat Information eXpression) for automating rule creation.

    http://stix.mitre.org/

    10 votes

    1 comment  ·  Network Protection
  10. Timeout of Snort

    It is requested that it be recorded in the log when the monitoring of snort does the time-out.

    1 vote

    0 comments  ·  Network Protection

    Thanks for sharing your ideas with us. I wanted to get some clarification though, because it’s not clear what this request is asking for. The IPS engine doesn’t have any sort of timeout value that would cause an event to need to be logged.

    If you mean that when IPS causes a session to time out because it has discarded packets, this should be logged, this is exactly what IPS does by default. Can you clarify what additional behavior you’re asking for?

    Thanks again for sharing.

  11. Application control on schedule

    Being able to do application control on a schedule, for example allowing Facebook only at lunch and break time

    11 votes

    1 comment  ·  Network Protection
  12. Control on Sophos NAT port exhaustion

    Show on Sophos whether there is NAT port exhaustion, using the CLI

    1 vote

    0 comments  ·  Network Protection
  13. Network Protection Firewall Rules - Set special Interfaces within a rule

    Within a single Firewall-Rule and NAT-Rule I would like to set on which Interface a connection has to arrive and leave.
    If the connection arrives on a wrong interface, this should be ignored.

    3 votes

    0 comments  ·  Network Protection
  14. Prevent WebAdmin on additional IP address.

    When an additional address is added to an external interface, the UTM can be managed through WebAdmin over port 4444 on that additional address. I would like to see a check box when adding the new additional IP address that asks if you'd like to be able to manage over this IP or not.
    The additional IP is usually for a NAT, say for instance a NAT for my exchange server. It doesn't make sense to me that https://ip-of-exchange-server:4444 allows someone to manage the firewall.

    5 votes

    2 comments  ·  Network Protection
  15. Create Sophos Splunk App for UTM

    Create a Sophos UTM Splunk App like other firewall vendors (i.e. checkpoint, cisco) but integrate IDS, AV features. Include pre-defined dashboards that show firewall denies, IDS blocks, Anti-Virus actions etc...

    9 votes

    3 comments  ·  Network Protection
  16. dynamic DNS

    We know that bad actors like to churn their DNS information to prevent categorization services like UTM / TrustedSource. This was confirmed recently when I read research showing that DNS hosts on dynamic DNS have a disproportionately high incidence of malware. I cannot envision that our users ever need to visit a dynamic-dns FQDN for purposes essential to our business, so I would like the ability to block them. In my view, if an entity cannot afford a static IP for their services, they are not big enough to be a partner to us. If implemented, this might be an…

    1 vote

    0 comments  ·  Network Protection
  17. Deploy IPS exception from SUM

    I suggest being able to deploy IPS exceptions from SUM (as we can do with ATP)

    1 vote

    0 comments  ·  Network Protection
  18. Block psiphon proxy latest version (other vendors already blocked it)

    Need to block this ASAP as UTM is useless when it is bypassed by this software

    2 votes

    1 comment  ·  Network Protection
  19. Block client connection without Sophos Endpoint Protection

    We have a problem right now in our network. With several "boot disks" it is possible to change the local admin user account or get access to the registry and disable Sophos Endpoint Protection. One of our employees did it. One of those who thinks he can do what he wants and he is the best, but that's another story ;)

    Everything was blocked by device control already, but it works only when the workstation is up. While booting you can do what you want.

    It's easy to change the BIOS password by resetting it with the mainboard battery (disable…

    1 vote

    0 comments  ·  Network Protection
  20. Heartbeat policy option

    I would like to suggest that, with heartbeat enabled, when someone is Red or has no heartbeat, there is an option to either block internet access or to drop to the next policy in the list

    2 votes

    0 comments  ·  Network Protection