SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SUM: Suppot network ranges in SUM

    Sophos UTM9 supports network ranges, but SUM does not.

    0 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Web Based User Password and Certificate reset.

    One of the challenges in a very large environment is when a user has to reset their password and doesn't remember their old one. For our environment we have to go and manually delete the cert for the user and change their password in AD.

    What would be Nice is if there was a one stop shop for this though the Web Gui like the Recovery system. Where it allows a Tech to reset BOTH AD and Certificate passwords for the user. Or at least delete the Certificate so that when the user logs in after changing their password it…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. SMC: Only whitelisted apps allowed in Apple App Store

    Currently, although there is a possibility of whitelisting/blacklisting apps in SMC, there is no way of actually allowing App Store on the device and restrict the downloading/installing of apps. To have full control of the device, you have to actually implement a policy of disabling the App Store itself.

    Ideally, the App Store should be available and only whitelisted apps are allowed to be installed. This would also allow the users to update the installed apps. The current solution is a drastic push policy to allow App Store, ask users to update apps and ask them to call back when…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. add an option to specifiy when the UTM checks for updates, not just how often

    I have a few clients that have metered internet connections (satellite). However, they have an download window from midnight-5am, where any traffic is not counted towards there monthly limit.

    Right now I can specify how often the UTM checks for pattern updates, It would be great if I could specify an exact time to do it so I could have it update during that window to save them bandwidth.

    thanks!

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Monitoring: Add Zabbix / Nagios client

    A lot of us (at least with bigger environments) are using systems like Zabbix or Nagios to monitor their stuff.

    An direct integration of the clients into Astaro would it make a lot easier to integrate the Astaro boxes into it. SNMP alone does not provide a lot of values which are interesting to monitor. Like:
    - Packet filter violations
    - IPS stats
    - VPN Users online
    - and much more

    278 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Provide variables to show the authenticated user name, group membership and filter assignment

    Provide variables to show the authenticated user name, group membership and filter assignment when customizing the Web Message->End-User Message description. This would allow the user and admin to quickly see that the user was authenticated properly and the group membership is correct.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Save Button for Changes

    Changes in the GUI shouldn't be active immediately. There must be a save button to activate changes. It is very important to prevent mistakes and you can change several setting and activate all at the same time to not lose the connection.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. 28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  7 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. RADIUS

    RADIUS support for ssh access.
    There are a lot of things which you can only do on a shell. Either with ssh to the box or with the serial console. One example might be tcpdump /cc commands/ grep.
    However, logon does only work with loginuser and or as root. Having multiple admins, you never know who does what. And this is a nightmare for auditing or troubleshooting reasons.

    Therefore, I would recommend to enable RADIUS authentication (or other authentication) for ssh and console access.
    I really would prefer a behaviour like most other network devices:
    Logon to the box based…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. alow in-place migrations with USMT ‘Hardlink’ data migration on encrypted drives

    We have a requirement to perform in-place migrations of workstations numbering in the tens of thousands. A major barrier to performing these migrations has been the controllability of Sophos Safeguard versions
    5.x and 6.x. Our engineering organization has developed some workarounds that enable certain in-place migration scenarios where Safeguard is involved, but other scenarios that have been deemed critical to the success of our mission have remained unaccomplished
    due to limits placed on our ability to control Safeguard.

    During our past meeting with Sophos engineers, we posed some questions regarding these in place migration scenarios in an effort to receive…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Management: Backup/Export mail quarantine, reports, database and logs to USB Hard Disk / Flash Drive

    Backup or export the quarantine folders and other data not included in the backup files on the UTM. For example a mail being held in quarantine could be extremely important. If a device fails that data would be lost. Allowing external storage even just to a single restorable backup file would be a big selling point

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Central Management option to name the unit being added to the SUM server.

    Currently the hostname is used to identify the UTM in SUM. You then need to go into that unit on SUM and edit the Registration with a Friendly Name. It would be nice on the UTM under Central Management to add a Registration Name. This name would then be used in the SUM Server to identify the UTM.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Manage notification settings from UTM Manager

    It would be nice to be able to control notification settings for all devices from the UTM Manager (Astaro Command Center).

    For example, if I want to go and disable notifications for "Failed SSH login" on all UTM devices, I have to make the change on each device. Same applies for changing the sender and recipients of the notifications.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. add configuration change control to webadmin

    Here's what I see this feature looking like: When enabled, admins can make changes to the current config, but changes would not be applied to the running system, until the change control is approved.

    Approval should be configurable, so that only authorized users can approve a change control, and optionally, require more than one admin's approval to be approved.

    Multiple simultaneous change requests should be allowed, and the approval section should report the requested changes, and any changes which conflict with other requests. (i.e. two requests that edit the same object or value)

    Once approved, a request should able to…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. ACC to produce exportable asset list report of all hardware under management

    It would be useful in these days of security auditing to have the ACC produce an asset report of all hardware under management including all serial numbers of ASGs / Sophos UTM devices within clusters

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Management: Unify Static DNS / DHCP mappings to Object Definitions

    Use the same data for DNS static entries as for Network host definitions.
    Like this we would not need to enter the same data twice.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  3 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. WebAdmin: Configuration Changes Commit/Rollback Support

    Hi,

    If should be great to save an history of the configuration each time an administrator save something and maybe create a restore point to rollback to the initial configuration if something does not work after some modifications.

    Thanks,

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Management: Enable UPS sharing

    It should be possible to make the UTM the UPS master and other servers obtain notifications from UTM or UTM becomes a client of another UPS server offering informations.

    185 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    26 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. Authentication: Import DNS hosts lists from AD OUs

    When importing objects from AD Astaro does not differentiate between users and computers in AD. If I sync an OU that contains computers, they are imported as user accounts which doesn't make sense. Couldn't there be an option to import those computers into the network definitions as DNS hosts? This way it would be easier to create specific rules for PCs on the network without having to create all the definitions.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. Astaro Command Center - VMWare FUSION support

    Astaro Command Center - Please Provide VMWare drivers and integration components for FUSION so Macintosh Users using VMWare can use this product. Currently you only support VMWare's esx and vsphere.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.