SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. to have a list of all identities present in IPS or an RSS feed

    It would be nice to have a list of all identities present in IPS or an RSS feed.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Creating groups of services

    Creating groups of services. Now you have to create one NAT rule for every service. It´s difficult to see which rules belong together. With groups all services belong to a technical request would be fulfilled with one rule.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. SOPHOS UTM integration with FireEye device (IDS)

    SOPHOS UTM has an available integration with FireEye device (IDS)?. This is to automatically block the sites categorized by FireEye as malicious.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. upnp with requirement for static dhcp extra-meta tickbox as acl for upnp deamon plus device probing and cloud based behavior intel

    Add secured uPnP support with requirement for a static dhcp extra-meta tickbox serving as acl for upnp deamon's trusted access. You might even go as far to deepen the acl with rules applied to device request possible based on a detection probe.and central intelligence for generalized behavioral modification of UTM layers based on the fingerprint of network device, with review and customization. That would greatly simplify and automate the GUI experience.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Sophos NAC managable by the UTM

    Activate on specific UTM interfaces the NAC service and in based of the info provided by the Sophos NAC client, activate or deactivate specific packet filter rules.

    • Packet filter rules for authenticated users with Sophos NAC client enable and Computer compliant
    • Packter filter rules for users not authenticated with Sophos Nac client enable and compliant Packet filter rules for users non authenticated with Sophos Nac client enable but not compliant Packet filter rules for non authenticated users without any Sophos Nac Client
    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Option to directly enable new rules

    Give a checkbox to directly enable new rules

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable REDIRECT for DNATs

    With this capability, any Proxy can be made transparent, even when the traffic arrives on a bridge. In other words, be able to create working REDIRECT/DNATs like 'Any -> HTTPS -> {221.222.223.224} : DNAT to {10443} on External (Address)'

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Networking: Ability to bind IP subnets to multiple interfaces

    Currently it is only possible to apply IP subnets to a single interface. If there are for example multiple interfaces connected to the internal network and OSPF is used for routing, an IP subnet could be reachable from any of these interfaces. Within the network definitions, only one interface can be defined for spoofing.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. load balancer

    The server load balancing currently in ASG 9.3 works great on our internal/private network. I attempted to make it publicly accessible and failed. Sophos support just informed me the load balancer can only be used on a private network. They've stated dnat can not be used with the load balancer to load balance publicly accessible servers. I suggest this feature be added to a future release.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Enable Firewall rule in creation process

    In order to make packet filter configuration easier, you should add a switch for directly enabling a firewall rule by creation. Very often people forget to enable a newly created firewall rule. By default the switch is not enabled.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. MAC address filter - add a description field for MAC Addresses

    All is said above :-)

    In Windows DHCP service I can add a comment for each MAC address. Would be nice to have this in the UTM too.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Server Load Balancing: Choose HTTP Response codes for failed servers other than 5xx (for ex. 404!)

    By now only 5xx HTTP Response codes tell the SLB to disable a real servers (a failed one) and 200 for OK. We want to be able to determine our own HTTP Response Code to disable real servers like 404. This makes it way easier for an admin since he only has to check for a simple empty file - if its there -> 200 (up), if not -> 404 (down). We use this also with HAProxy and it works great.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Data upload limits per-client or per-user to help detect rogue activity

    Monitoring and limitation of upload trafic for dedicated clients and servers for (e. g. x MB/day) to recognize potential trojan activities

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Networking: Masquerading (NAT) Balancing Across All Public IP's

    Use all available public addresses on the WAN interface, even though the HTTP proxy is turned on. The reason for this feature is to keep users working, even if the primary WAN IP address is offline.

    22 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Network Protection: Firewall pop-up informaton when hovering mouse

    Hi!

    When I go to Network Protection - Firewall and hover over an object I get a pop-up showing the name of the object which is also written in the rule base. Since the name is the thing I am hovering over I have no use of that information but what I really need is the IP address.

    As it is now I have to move frequently between Network definitions and Firewall rules / NAT or I have to open up every rule and hover over the object in the rule definition.

    Since this is time consuming and error…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. API Gateway

    Enhance border protection by offering an API gateway solution, ala Forum Systems' Sentry API Gateway. As more companies begin to rely on distributed infrastructures that rely on remote API communication, especially within the cloud, there is a clear need for this type of security.

    Considering Sophos' "all in" strategy on cloud offerings, "layer 8" intelligence from CyberRoam, and mobile security from Mojave, Sophos already has the key components in house to dominate this emerging market at a far more competitive price point.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Whitelist for Country blocking

    Be able to block a country except for a particular host that you do business with.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Networking: Display Flow Monitor per-Application

    Ability from the flow monitor to select a traffic and have only the graph of this application/protocol on the period
    to see his load and peak versus time
    so a kind of filter which only show one application/port

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. SNAT HTTP/HTTPS Proxy Traffic

    SNAT HTTP/HTTPS Proxy Traffic

    I would like to suggest a feature which will enable me route my outbound HTTP/HTTPS traffic with SNAT with content filtering policy enforcement. i.e. without exception.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Fix the Country Blocking Exceptions to allow the exceptions to work properly

    When I want to allow only specific hosts or DNS names from a specific country, it should allow that and actually work.

    So if I block all of Russia, I should be able to explictly allow items for a specific business I interact with therebyt either IP or DNS host name. The system says it allows this now, but it doesn't fully work.

    I may also only want to allow email traffic (port 25) for one company but not allow other port traffic.

    This is opened as a support case as well, but support technician said to open a feature…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.